From 2.4.33.3:
[SCTP] Fix sctp_primitive_ABORT() call in sctp_close()
Fix possible UDF deadlock and memory corruption (CVE-2006-4145)

From 2.4.33.2:
[SCTP] Local privilege elevation - CVE-2006-3745

From 2.4.33.1:
drivers/scsi/sg.c : fix CVE-2006-1528

2.4.33 fixed security bugs against 2.4.32 but iirc we've got those already fixed in previous patches.

sparc-sources-2.4.33.3 is already in the tree as ~sparc with the latest mojo.
First fix is DUPLICATE. Third is fixed by time window.
Note to self -- Add CC's.
xen-sources, systrace-sources, both of you need to bump this to 2.6.17.10. Again, due for hardmask on the 19th for 144820, date applies here.
from http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34

v2.4.34-rc4
Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)

v2.4.34-rc3
Fix incorrect user space access locking in mincore() (CVE-2006-4814)

v2.4.34-rc2
[Bluetooth] Add packet size checks for CAPI messages (CVE-2006-6106)

v2.4.34-pre2
drivers/scsi/sg.c : fix CVE-2006-1528
Fix possible UDF deadlock and memory corruption (CVE-2006-4145)
[SCTP] Local privilege elevation - CVE-2006-3745
Xen, are you still vulnerable?
(In reply to comment #0)
> [SCTP] Fix sctp_primitive_ABORT() call in sctp_close()
> Fix possible UDF deadlock and memory corruption (CVE-2006-4145)

Fixed upstream in 2.6.16.28 (http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.28).

> [SCTP] Local privilege elevation - CVE-2006-3745

Fixed upstream in 2.6.16.28 (http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.28).

> drivers/scsi/sg.c : fix CVE-2006-1528

According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1528, 2.6.16 was never affected by this.
(In reply to comment #4)
CVE-2006-3745: https://bugs.gentoo.org/show_bug.cgi?id=144820
CVE-2006-4145: https://bugs.gentoo.org/show_bug.cgi?id=143538
CVE-2006-5749: https://bugs.gentoo.org/show_bug.cgi?id=158809
CVE-2006-4814: https://bugs.gentoo.org/show_bug.cgi?id=170857
CVE-2006-6106: https://bugs.gentoo.org/show_bug.cgi?id=158791
CVE-2006-1528: (this bug)

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.