Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

Description:
Some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) An error exists in ROSE due to missing verification of the ndigis argument of new routes.

2) Any user with permissions to access a SCSI tape device can send some commands, which may cause it to become unusable for other users.

3) Some unspecified errors have been reported in the ISO9660 filesystem handler including Rock Ridge and Juliet extensions. These can be exploited via a specially crafted filesystem to cause a DoS or potentially corrupt memory leading to execution of arbitrary code.

Solution:
The vulnerabilities have been fixed in version 2.6.12-rc1.

Original Advisory:
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1

ISO9660 vulnerabilities are now treated in bug 86784

Created an attachment (id=56383) [details]
2.6.11 Compound Patch

Created an attachment (id=56384) [details]
2.6.10 (and below) Compound Patch

mips-sources fixed.

2) Any user with permissions to access a SCSI tape device can send some
commands, which may cause it to become unusable for other users.

Alan Cox says the patch to solve this is totally wrong, and I'd agree with my
basic knowledge of the SCSI command table. No proper fix is available (but I'm
not even sure if one is needed...)

Obsoleting patches: Alan Cox says the upstream fix (which said patches contain)
is wrong, so we're now waiting on upstream for the SCSI issue.

For the ROSE issue please use:

http://linux.bkbits.net:8080/linux-2.6/gnupatch@423114bcdthRtmtdS6MsZiBVvteGCg

ROSE Fixed in usermode-sources-2.6.11

Here's the new/approved scsi tape fix:
http://dev.gentoo.org/~dsd/gentoo-sources/release-11.10/dist/1105_scsi_tape.patch

All fixed in gentoo-sources-2.6.11-r7

`Kumba: CCing you again as there's a new fixed bug for the SCSI issues, see
http://dev.gentoo.org/~dsd/gentoo-sources/release-11.10/dist/1105_scsi_tape.patch

tseng,tocharian,kang,trulux: you guys need these updates for
hardened-sources-2.6.x and rsbac-sources-2.6.x

Ok, so the new upstream SCSI fix is no good (again):
http://marc.theaimsgroup.com/?l=linux-scsi&m=111497008818281&w=2

... please apply only the ROSE fix for now.

Created an attachment (id=57758) [details]
ROSE fixes with minor cleanup and SCSI tape fix removed.

A new patchset has been uploaded to
http://pearls.tuxedo-es.org/gentoo/hardened/kernel/hardened-patches-2.6-11.3.tar.bz2.


Also, two ebuilds are provided:
http://pearls.tuxedo-es.org/gentoo/hardened/kernel/hardened-sources-2.6.11-r1.ebuild
(uses pearls.tuxedo-es.org as HGPV_SRC) and the one using tseng's space at
dev.gentoo.org (default):
http://pearls.tuxedo-es.org/gentoo/hardened/kernel/hardened-sources-2.6.11-r1.ebuild.tseng


Cheers,
Lorenzo.

Created an attachment (id=57762) [details]
The correct patch for the ROSE driver fix (wtihout the rest of cleanups and not
necessary changes)

This the right patch.
Thanks Tim for pointing out the right CSET.

New patchset with the correct patch uploaded to
http://pearls.tuxedo-es.org/gentoo/hardened/kernel/hardened-patches-2.6-11.3.tar.bz2.

Cheers,
Lorenzo.

rsbac-sources fixed with latest patch as r-s-2.6.11-r3

Removing Lorenzo from cc per request via email.

All fixed, closing bug.