Bug 102582 - Security fixes in 2.6.12.5 (CAN-2005-{2617,2457,2458,2459,2098,2099})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.kernel.org/pub/linux/kerne...
Whiteboard: [linux < 2.6.13]
Keywords:
Duplicates: 102583 102803 103325
Depends on:
Blocks:
 
Reported: 2005-08-15 01:42 UTC by Henrik Brix Andersen
Modified: 2019-11-03 12:33 UTC
Description Henrik Brix Andersen 2005-08-15 01:42:35 UTC
The following vulnerabilities are fixed in linux-2.6.12.5 according to the
ChangeLog: CAN-2005-2458, CAN-2005-2459, CAN-2005-2098 and CAN-2005-2099.

I have added sys-kernel/vanilla-sources-2.6.12.5 to portage, but it still needs
to be marked stable on affected archs.

We will need a new genpatches revision to include the 2.6.12.5 fixes in
sys-kernel/gentoo-sources and others.
Comment 1 Henrik Brix Andersen 2005-08-15 01:47:35 UTC
*** Bug 102583 has been marked as a duplicate of this bug. ***
Comment 2 Henrik Brix Andersen 2005-08-15 14:52:18 UTC
sys-kernel/vanilla-sources-2.6.12.5 stable on x86.
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2005-08-16 10:09:03 UTC
Fixed in genpatches-2.6.12-13
Fixed in gentoo-sources-2.6.12-r9
Comment 4 Henrik Brix Andersen 2005-08-17 07:31:22 UTC
Fixed in sys-kernel/suspend2-sources-2.6.12-r5.
Comment 5 Tim Yamin (RETIRED) gentoo-dev 2005-08-19 11:37:00 UTC
*** Bug 102803 has been marked as a duplicate of this bug. ***
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2005-08-19 11:38:40 UTC
CAN-2005-2617
Comment 7 Henrik Brix Andersen 2005-08-21 09:09:37 UTC
Arch maintainers: please test sys-kernel/vanilla-sources-2.6.12.5 (and
sys-kernel/gentoo-sources-2.6.12-r9 if appropriate) on your arch and mark stable.
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2005-08-21 11:22:40 UTC
stable on ppc64
Comment 9 Luis Medinas (RETIRED) gentoo-dev 2005-08-21 11:32:23 UTC
Both Marked Stable.
Thanks
Comment 10 SpanKY gentoo-dev 2005-08-21 12:11:34 UTC
s390 stays with linux-2.6.5
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-08-22 05:10:03 UTC
Bug descriptions:

David Howells discovered a local Denial of Service vulnerability in
the key session joining function. Under certain user-triggerable
conditions, a semaphore was not released properly, which caused
processes which also attempted to join a key session to hang forever.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098)

David Howells discovered a local Denial of Service vulnerability in
the keyring allocator. A local attacker could exploit this to crash
the kernel by attempting to add a specially crafted invalid keyring.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099)

It was discovered that the kernel's embedded zlib compression library
was still vulnerable to two old vulnerabilities of the standalone zlib
library. This library is used by various drivers and can also be used
by third party modules, so the impact varies. (CAN-2005-2458,
CAN-2005-2459)
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-08-22 05:23:41 UTC
*** Bug 103325 has been marked as a duplicate of this bug. ***
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-08-22 05:24:05 UTC
This also includes this one:

Tim Yamin discovered that the driver for compressed ISO file systems
did not sufficiently validate the input data. By tricking a user into
mounting a malicious CD-ROM with a specially crafted compressed ISO
file system, he could cause a kernel crash. (CAN-2005-2457)
Comment 14 Aron Griffis (RETIRED) gentoo-dev 2005-08-25 07:00:50 UTC
vanilla-sources-2.6.12.5 and gentoo-sources-2.6.12-r9 stable on ia64
Comment 15 Bryan Østergaard (RETIRED) gentoo-dev 2005-09-14 18:04:33 UTC
vanilla-sources stable on alpha.
Comment 16 Tim Yamin (RETIRED) gentoo-dev 2005-11-26 04:07:41 UTC
All fixed, closing.