---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-4
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------

Name        : kernel
Versions    : fc3: kernel-2.6.12-2.3.legacy_FC3
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of the
Red Hat Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
  local network to cause a denial of service (disabling of multicast
  reports) if the system is running multicast applications
  (CVE-2002-2185)

- a flaw in procfs handling during unloading of modules that allowed a
  local user to cause a denial of service or potentially gain
  privileges (CVE-2005-2709)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a
  local user to cause a denial of service (crash) (CVE-2005-3044)

- a race condition in ip_vs_conn_flush that allowed a local user to
  cause a denial of service (CVE-2005-3274)

- a flaw in mq_open system call that allowed a local user to cause a
  denial of service (crash) (CVE-2005-3356)

- a flaw in set_mempolicy that allowed a local user on some 64-bit
  architectures to cause a denial of service (crash) (CVE-2005-3358)

- a race condition in do_coredump in signal.c that allowed a local user
  to cause a denial of service (crash) (CVE-2005-3527)

- a flaw in the auto-reap of child processes that allowed a local user
  to cause a denial of service (crash) (CVE-2005-3784)

- a flaw in the POSIX timer cleanup handling that allowed a local user
  to cause a denial of service (crash) (CVE-2005-3805)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause
  a denial of service (crash) (CVE-2005-3806)

- a memory leak in the VFS file lease handling that allowed a local
  user to cause a denial of service (CVE-2005-3807)

- a flaw in file lease time-out handling that allowed a local user to
  cause a denial of service (log file overflow) (CVE-2005-3857)

- a flaw in procfs handling that allowed a local user to read kernel
  memory (CVE-2005-4605)

- a memory disclosure flaw in dm-crypt that allowed a local user to
  obtain sensitive information about a cryptographic key
  (CVE-2006-0095)

- a flaw while constructing an ICMP response that allowed remote users
  to cause a denial of service (crash) (CVE-2006-0454)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as
listed in this erratum.

---------------------------------------------------------------------
Changelogs

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  2.6.12-2.3.legacy_FC3
- Corrected upstream reference in CVE-2006-0454 patch

* Tue Feb 07 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  2.6.12-2.2.legacy_FC3
- Added patches for:
  CVE-2002-2185 (IGMP DoS)
  CVE-2005-3527 (do_coredump() vs SIGSTOP race)
  CVE-2005-3805 (POSIX timer cleanup handling on exit locking problem)
  CVE-2006-0095 (dm-crypt key leak)
  CVE-2006-0454 (ICMP route double-free)
  CVE-2005-3807 (memory leak with file leases)

* Fri Jan 27 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  2.6.12-2.1.legacy_FC3
- Added patches for:
  CVE-2005-2709 (sysctl races)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3274 (ip_vs_conn_flush race condition DoS)
  CVE-2005-3356 (double decrement of mqueue_mnt->mnt_count in
  sys_mq_open)
  CVE-2005-3358 (prevent panic caused by invalid arguments to
  set_mempolicy)
  CVE-2005-3784 (auto-reap DoS)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)
  CVE-2005-4605 (kernel memory disclosure via /proc exploit)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
b9e37d94319ce74e98aa053d9da798437b979a5e
fedora/3/updates-testing/i386/kernel-2.6.12-2.3.legacy_FC3.i586.rpm
e8698e932795b5a8c9ecc97e95fab42f55d71ac9
fedora/3/updates-testing/i386/kernel-2.6.12-2.3.legacy_FC3.i686.rpm
58e7014a387ef6e17bf9f68d26eb1242a9dab3f2
fedora/3/updates-testing/i386/kernel-doc-2.6.12-2.3.legacy_FC3.noarch.rpm
d09fb6f194558505d8d52fb22a60420cd35a06f1
fedora/3/updates-testing/i386/kernel-smp-2.6.12-2.3.legacy_FC3.i586.rpm
640077c447f1ac5edf5e21000c916bb750006f84
fedora/3/updates-testing/i386/kernel-smp-2.6.12-2.3.legacy_FC3.i686.rpm
3341ee0cc5e61d464a9982a5f96ec802d9121965
fedora/3/updates-testing/x86_64/kernel-2.6.12-2.3.legacy_FC3.x86_64.rpm
58e7014a387ef6e17bf9f68d26eb1242a9dab3f2
fedora/3/updates-testing/x86_64/kernel-doc-2.6.12-2.3.legacy_FC3.noarch.rpm
ab4a29a3ec0bceda378319476b6ce46613805f90
fedora/3/updates-testing/x86_64/kernel-smp-2.6.12-2.3.legacy_FC3.x86_64.rpm
725204fe5e8fb35b54083be1a6757cc8be43cf9d
fedora/3/updates-testing/SRPMS/kernel-2.6.12-2.3.legacy_FC3.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list