| Field | Value |
|---|---|
| Summary | Security fixes in 2.6.12.5 (CAN-2005-{2617,2457,2458,2459,2098,2099}) |
| Product | Gentoo Security |
| Reporter | Henrik Brix Andersen <henrik> |
| Component | Kernel |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | jaervosz, security-kernel |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 |
| Whiteboard | [linux < 2.6.13] |
| Package list | |
| Runtime testing required | --- |
Description
Henrik Brix Andersen
2005-08-15 01:42:35 UTC
*** Bug 102583 has been marked as a duplicate of this bug. ***

sys-kernel/vanilla-sources-2.6.12.5 stable on x86.

Fixed in genpatches-2.6.12-13

Fixed in gentoo-sources-2.6.12-r9

Fixed in sys-kernel/suspend2-sources-2.6.12-r5.

*** Bug 102803 has been marked as a duplicate of this bug. ***

CAN-2005-2617

Arch maintainers: please test sys-kernel/vanilla-sources-2.6.12.5 (and sys-kernel/gentoo-sources-2.6.12-r9 if appropriate) on your arch and mark stable.

stable on ppc64

Both Marked Stable. Thanks

s390 stays with linux-2.6.5

Bug descriptions:

David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098)

David Howells discovered a local Denial of Service vulnerability in the keyring allocator. A local attacker could exploit this to crash the kernel by attempting to add a specially crafted invalid keyring. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099)

It was discovered that the kernel's embedded zlib compression library was still vulnerable to two old vulnerabilities of the standalone zlib library. This library is used by various drivers and can also be used by third party modules, so the impact varies. (CAN-2005-2458, CAN-2005-2459)

*** Bug 103325 has been marked as a duplicate of this bug. ***

This also includes this one:

Tim Yamin discovered that the driver for compressed ISO file systems did not sufficiently validate the input data. By tricking a user into mounting a malicious CD-ROM with a specially crafted compressed ISO file system, he could cause a kernel crash. (CAN-2005-2457)

vanilla-sources-2.6.12.5 and gentoo-sources-2.6.12-r9 stable on ia64

vanilla-sources stable on alpha.

All fixed, closing.
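The bug's whiteboard entry ([linux < 2.6.13]) and the fixed release it names (2.6.12.5) together define the upstream kernel range an administrator has to check against. The following is an added example, not code from the bug, from Gentoo or from the kernel project: it parses dotted kernel version strings into comparable tuples and classifies a version against that range. The status labels, the decision to ignore "-rN"/"-rc" suffixes, and the treatment of non-2.6 kernels as "not covered" (the bug says nothing about 2.4) are assumptions made for illustration.

```python
# Added example (not from the Gentoo bug or the kernel project): classify an
# upstream kernel version against the range this bug covers.
# Range taken from the bug: fixed in 2.6.12.5, whiteboard caps scope at 2.6.13.
# Status labels and suffix handling below are assumptions for illustration.
import platform
import re

FIXED_IN = (2, 6, 12, 5)      # first 2.6.12.x release carrying the fixes
UPPER_BOUND = (2, 6, 13)      # whiteboard "[linux < 2.6.13]": later kernels out of scope


def parse_kernel_version(version: str) -> tuple:
    """Turn '2.6.12.5' or '2.6.12-r9' style strings into a comparable tuple.

    Anything after the first '-' (Gentoo '-r9' revisions, '-rc' tags, distro
    suffixes such as '-generic') is dropped: ordering those correctly needs
    package-manager rules this example deliberately does not model.
    """
    base = version.split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", base):
        raise ValueError(f"unrecognised kernel version: {version!r}")
    return tuple(int(part) for part in base.split("."))


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'out of scope' or 'not covered' for a version.

    Python compares tuples lexicographically, so (2, 6, 12) < (2, 6, 12, 5)
    < (2, 6, 13) without any padding, which is the ordering the bug relies on.
    """
    v = parse_kernel_version(version)
    if v[:2] != (2, 6):
        return "not covered"      # assumption: the bug only tracks 2.6 kernels
    if v >= UPPER_BOUND:
        return "out of scope"     # 2.6.13 and later are outside the whiteboard range
    if v >= FIXED_IN:
        return "fixed"            # 2.6.12.5 and later 2.6.12.x carry the fixes
    return "affected"


def classify_running_kernel() -> str:
    """Classify the kernel this interpreter is running on (uses platform.release())."""
    return classify(platform.release())


if __name__ == "__main__":
    # Constructed sample inputs, including the s390 case noted in the bug.
    for sample in ("2.6.12.4", "2.6.12.5", "2.6.5", "2.6.13", "2.4.31", "2.6.12-r9"):
        print(f"{sample:>10}: {classify(sample)}")
    print(f"running kernel {platform.release()}: {classify_running_kernel()}")
```

The "-r9" suffix case is worth noting: gentoo-sources-2.6.12-r9 is a Gentoo package revision that already includes the fixes, so a check driven purely by the upstream version string reports it as affected. Matching a patched distribution package needs the package manager's own version data rather than the bare kernel release.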