From Ubuntu's latest:

A Denial of Service vulnerability was discovered in the sys_set_mempolicy() function. By calling the function with a negative first argument, a local attacker could cause a kernel crash. (CAN-2005-3053)

A race condition was discovered in the handling of shared memory mappings with CLONE_VM. A local attacker could exploit this to cause a deadlock (Denial of Service) by triggering a core dump while waiting for a thread which had just performed an exec() system call. (CAN-2005-3106)

A race condition was found in the handling of traced processes. When one thread was tracing another thread that shared the same memory map, a local attacker could trigger a deadlock (Denial of Service) by forcing a core dump when the traced thread was in the TASK_TRACED state. (CAN-2005-3107)

The HFS and HFS+ file system drivers did not properly verify that the file system that was attempted to be mounted really was HFS/HFS+. On machines which allow users to mount arbitrary removable devices as HFS or HFS+ with an /etc/fstab entry, this could be exploited to trigger a kernel crash. (CAN-2005-3109)

Steve Herrel discovered a race condition in the "ebtables" netfilter module. A remote attacker could exploit this by sending specially crafted packets that caused a value to be modified after it had been read but before it had been locked. This eventually led to a kernel crash. This only affects multiprocessor machines (SMP). (CAN-2005-3110)

Robert Derr discovered a memory leak in the system call auditing code. On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this leads to memory exhaustion and eventually a Denial of Service. A local attacker could also speed this up by excessively calling system calls.
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23
The last one is CAN-2005-3181 http://linux.bkbits.net:8080/linux-2.6/cset@4346883bQBeBd26syWTKX2CVC5bDcA
(In reply to comment #0)
> A Denial of Service vulnerability was discovered in the
> sys_set_mempolicy() function. By calling the function with a negative
> first argument, a local attacker could cause a kernel crash.
> (CAN-2005-3053)

Fixed in 2.6.13
http://linux.bkbits.net:8080/linux-2.6/gnupatch@42eef8b09C5r6iI0LuMe5Uy3k05c5g

> A race condition was discovered in the handling of shared memory
> mappings with CLONE_VM. A local attacker could exploit this to cause a
> deadlock (Denial of Service) by triggering a core dump while waiting
> for a thread which had just performed an exec() system call.
> (CAN-2005-3106)

Fixed in 2.6.11

> A race condition was found in the handling of traced processes. When
> one thread was tracing another thread that shared the same memory map,
> a local attacker could trigger a deadlock (Denial of Service) by
> forcing a core dump when the traced thread was in the TASK_TRACED
> state. (CAN-2005-3107)

Fixed in 2.6.11

> The HFS and HFS+ file system drivers did not properly verify that the
> file system that was attempted to be mounted really was HFS/HFS+. On
> machines which allow users to mount arbitrary removable devices as HFS
> or HFS+ with an /etc/fstab entry, this could be exploited to trigger a
> kernel crash. (CAN-2005-3109)

Fixed in 2.6.12
http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=945b092011c6af71a0107be96e119c8c08776f3f

> Steve Herrel discovered a race condition in the "ebtables" netfilter
> module. A remote attacker could exploit this by sending specially
> crafted packets that caused a value to be modified after it had
> been read but before it had been locked. This eventually led to a
> kernel crash. This only affects multiprocessor machines (SMP).
> (CAN-2005-3110)

Fixed in 2.6.12

> Robert Derr discovered a memory leak in the system call auditing code.
> On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this
> leads to memory exhaustion and eventually a Denial of Service. A local
> attacker could also speed this up by excessively calling system calls.
> http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23

This is fixed in 2.6.14
Adding maintainers:
mips-sources-2.4.13: Kumba
rsbac-sources: kang
mips-sources-2.4.13 no longer in tree so all kernels secure, closing bug...
Err, that should have been 2.6.13 :P