The following vulnerabilities are fixed in linux-2.6.12.5 according to the ChangeLog: CAN-2005-2458, CAN-2005-2459, CAN-2005-2098 and CAN-2005-2099. I have added sys-kernel/vanilla-sources-2.6.12.5 to portage, but it still needs to be marked stable on affected archs. We will need a new genpatches revision to include the 2.6.12.5 fixes in sys-kernel/gentoo-sources and others.
*** Bug 102583 has been marked as a duplicate of this bug. ***
sys-kernel/vanilla-sources-2.6.12.5 stable on x86.
Fixed in genpatches-2.6.12-13 Fixed in gentoo-sources-2.6.12-r9
Fixed in sys-kernel/suspend2-sources-2.6.12-r5.
*** Bug 102803 has been marked as a duplicate of this bug. ***
CAN-2005-2617
Arch maintainers: please test sys-kernel/vanilla-sources-2.6.12.5 (and sys-kernel/gentoo-sources-2.6.12-r9 if appropriate) on your arch and mark stable.
stable on ppc64
Both Marked Stable. Thanks
s390 stays with linux-2.6.5
Bug descriptions : David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098) David Howells discovered a local Denial of Service vulnerability in the keyring allocator. A local attacker could exploit this to crash the kernel by attempting to add a specially crafted invalid keyring. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099) It was discovered that the kernel's embedded zlib compression library was still vulnerable to two old vulnerabilities of the standalone zlib library. This library is used by various drivers and can also be used by third party modules, so the impact varies. (CAN-2005-2458, CAN-2005-2459)
*** Bug 103325 has been marked as a duplicate of this bug. ***
This also includes this one : Tim Yamin discovered that the driver for compressed ISO file systems did not sufficiently validate the iput data. By tricking an user into mounting a malicious CD-ROM with a specially crafted compressed ISO file system, he could cause a kernel crash. (CAN-2005-2457)
vanilla-sources-2.6.12.5 and gentoo-sources-2.6.12-r9 stable on ia64
vanilla-sources stable on alpha.
All fixed, closing.