[UPDATED] Fedora Legacy Test Update Notification: kernel (fc1)

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Mar 5 19:21:28 UTC 2006


These packages were updated to fix an incorrect patch that caused
instability under heavy load.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-2
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-03-05
---------------------------------------------------------------------

Name        : kernel
Versions    : fc1: kernel-2.4.22-1.2199.8.legacy.nptl
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- a recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages is
included. (CVE-2004-0791)

- flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems
that allowed a local user to cause a denial of service (crash)
(CAN-2005-0756, CAN-2005-1762, CAN-2005-2553)

- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CAN-2005-2490)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

fc1:
* Fri Mar 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.22-1.2199.8.legacy.nptl
- Fixed the broken CVE-2005-0749 patch that was causing instability

* Fri Feb 17 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.22-1.2199.7.legacy.nptl
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Thu Feb 02 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.22-1.2199.6.legacy.nptl
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0756 (ptrace-check-segment x86_64 crash)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-1762 (ptrace can induce double-fault on x86_64)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2553 (32-bit ptrace find_target() oops)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.