Bug#: 102582
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Henrik Brix Andersen <henrik@brixandersen.dk>

Description:   Opened: 2005-08-15 01:42 0000
The following vulnerabilities are fixed in linux-2.6.12.5 according to the
ChangeLog: CAN-2005-2458, CAN-2005-2459, CAN-2005-2098 and CAN-2005-2099.

I have added sys-kernel/vanilla-sources-2.6.12.5 to portage, but it still needs
to be marked stable on affected archs.

We will need a new genpatches revision to include the 2.6.12.5 fixes in
sys-kernel/gentoo-sources and others.

------- Comment #1 From Henrik Brix Andersen 2005-08-15 01:47:35 0000 -------
*** Bug 102583 has been marked as a duplicate of this bug. ***

------- Comment #2 From Henrik Brix Andersen 2005-08-15 14:52:18 0000 -------
sys-kernel/vanilla-sources-2.6.12.5 stable on x86.

------- Comment #3 From Daniel Drake 2005-08-16 10:09:03 0000 -------
Fixed in genpatches-2.6.12-13
Fixed in gentoo-sources-2.6.12-r9

------- Comment #4 From Henrik Brix Andersen 2005-08-17 07:31:22 0000 -------
Fixed in sys-kernel/suspend2-sources-2.6.12-r5.

------- Comment #5 From Tim Yamin (RETIRED) 2005-08-19 11:37:00 0000 -------
*** Bug 102803 has been marked as a duplicate of this bug. ***

------- Comment #6 From Tim Yamin (RETIRED) 2005-08-19 11:38:40 0000 -------
CAN-2005-2617

------- Comment #7 From Henrik Brix Andersen 2005-08-21 09:09:37 0000 -------
Arch maintainers: please test sys-kernel/vanilla-sources-2.6.12.5 (and
sys-kernel/gentoo-sources-2.6.12-r9 if appropriate) on your arch and mark stable.

------- Comment #8 From Markus Rothe 2005-08-21 11:22:40 0000 -------
stable on ppc64

------- Comment #9 From Luis Medinas (RETIRED) 2005-08-21 11:32:23 0000 -------
Both Marked Stable.
Thanks

------- Comment #10 From SpanKY 2005-08-21 12:11:34 0000 -------
s390 stays with linux-2.6.5

------- Comment #11 From Thierry Carrez (RETIRED) 2005-08-22 05:10:03 0000 -------
Bug descriptions:

David Howells discovered a local Denial of Service vulnerability in
the key session joining function. Under certain user-triggerable
conditions, a semaphore was not released properly, which caused
processes which also attempted to join a key session to hang forever.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098)

David Howells discovered a local Denial of Service vulnerability in
the keyring allocator. A local attacker could exploit this to crash
the kernel by attempting to add a specially crafted invalid keyring.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099)

It was discovered that the kernel's embedded zlib compression library
was still vulnerable to two old vulnerabilities of the standalone zlib
library. This library is used by various drivers and can also be used
by third party modules, so the impact varies. (CAN-2005-2458,
CAN-2005-2459)

------- Comment #12 From Thierry Carrez (RETIRED) 2005-08-22 05:23:41 0000 -------
*** Bug 103325 has been marked as a duplicate of this bug. ***

------- Comment #13 From Thierry Carrez (RETIRED) 2005-08-22 05:24:05 0000 -------
This also includes this one:

Tim Yamin discovered that the driver for compressed ISO file systems
did not sufficiently validate the input data. By tricking a user into
mounting a malicious CD-ROM with a specially crafted compressed ISO
file system, he could cause a kernel crash. (CAN-2005-2457)

------- Comment #14 From Aron Griffis (RETIRED) 2005-08-25 07:00:50 0000 -------
vanilla-sources-2.6.12.5 and gentoo-sources-2.6.12-r9 stable on ia64

------- Comment #15 From Bryan Østergaard (RETIRED) 2005-09-14 18:04:33 0000 -------
vanilla-sources stable on alpha.

------- Comment #16 From Tim Yamin (RETIRED) 2005-11-26 04:07:41 0000 -------
All fixed, closing.
