---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-1
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------
Name        : kernel
Versions    : rh7.3: kernel-2.4.20-45.7.legacy
Versions    : rh9: kernel-2.4.20-45.9.legacy
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of the
Red Hat Linux operating system. The kernel handles the basic functions of
the operating system: memory allocation, process allocation, device input
and output, etc.
---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

- a flaw in network IGMP processing that allowed a remote user on the local
  network to cause a denial of service (disabling of multicast reports) if
  the system is running multicast applications (CVE-2002-2185)

- a recent Internet Draft by Fernando Gont recommended that ICMP Source
  Quench messages be ignored by hosts. A patch to ignore these messages is
  included. (CVE-2004-0791)

- flaws in the coda module that allowed denial-of-service attacks (crashes)
  or local privilege escalations (CVE-2005-0124)

- a flaw between execve() syscall handling and core dumping of ELF-format
  executables allowed local unprivileged users to cause a denial of service
  (system crash) or possibly gain privileges (CVE-2005-1263)

- a flaw in gzip/zlib handling internal to the kernel that may allow a local
  user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed a
  local user to cause a denial of service or potentially gain privileges
  (CAN-2005-2490)

- a flaw in exec() handling on some 64-bit architectures that allowed a
  local user to cause a denial of service (crash) (CVE-2005-2708)

- a flaw in procfs handling during unloading of modules that allowed a local
  user to cause a denial of service or potentially gain privileges
  (CVE-2005-2709)

- a flaw in IPv6 network UDP port hash table lookups that allowed a local
  user to cause a denial of service (hang) (CVE-2005-2973)

- a network buffer info leak using the orinoco driver that allowed a remote
  user to possibly view uninitialized data (CVE-2005-3180)

- a flaw in the packet radio ROSE protocol that allowed a user to trigger
  out-of-bounds errors (CVE-2005-3273)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local
  user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed a local
  user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
  denial of service (crash) (CVE-2005-3806)

- a flaw in file lease time-out handling that allowed a local user to cause
  a denial of service (log file overflow) (CVE-2005-3857)

All users are advised to upgrade their kernels to the packages associated
with their machine architectures and configurations as listed in this
erratum.
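To confirm that a host actually carries the fixed packages above, the installed kernel package names have to be compared the way rpm compares them (segment by segment, not as plain strings, since "45" must sort above "7"). The following check is an added example and not part of the advisory or the Fedora Legacy tooling; it reimplements rpm's segment comparison (epoch and tilde/caret rules omitted, as they play no part here), the fixed versions come from the advisory, and the sample `rpm -q` output is constructed.

```python
import re

# Fixed kernel version-release per release, taken from the advisory.
FIXED = {"rh7.3": "2.4.20-45.7.legacy", "rh9": "2.4.20-45.9.legacy"}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")
# The name may itself contain dashes (kernel-smp); the version is the first
# dash-separated field that starts with a digit.
_NVR = re.compile(r"^(?P<name>.+?)-(?P<ver>\d[^-]*)-(?P<rel>[^-]+)$")


def rpmvercmp(a, b):
    """Reimplementation of rpm's version comparison (tilde/caret rules
    omitted; they do not occur in these packages). Walk alphanumeric
    segments left to right: numeric segments compare as integers,
    alphabetic ones lexically, numeric beats alphabetic. Returns -1/0/1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # so "45" > "7", unlike lexical order
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(nvr):
    """'kernel-smp-2.4.20-45.7.legacy' -> ('kernel-smp', '2.4.20', '45.7.legacy')"""
    m = _NVR.match(nvr)
    if not m:
        raise ValueError("not a name-version-release string: %r" % nvr)
    return m.group("name"), m.group("ver"), m.group("rel")


def is_patched(nvr, release):
    """True if the installed kernel package is at or above the advisory's
    fixed version-release for 'rh7.3' or 'rh9' (epoch ignored)."""
    _, ver, rel = split_nvr(nvr)
    fver, frel = FIXED[release].split("-", 1)
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0


# Constructed sample of `rpm -q kernel kernel-smp` output; not from a real host.
SAMPLE_RH73 = ["kernel-2.4.20-43.7.legacy", "kernel-smp-2.4.20-45.7.legacy"]

if __name__ == "__main__":
    for pkg in SAMPLE_RH73:
        verdict = "patched" if is_patched(pkg, "rh7.3") else "VULNERABLE, upgrade"
        print("%-32s %s" % (pkg, verdict))
```

Feed it the real `rpm -q kernel kernel-smp kernel-bigmem` output of a host to get one verdict per installed kernel package; a box that still boots an older kernel than the newest installed one is not covered by this check, so compare `uname -r` as well.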
---------------------------------------------------------------------
Changelogs

rh73:
* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

rh9:
* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------
Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list