Multiple Kernel vulnerabilities were released to BugTraq: http://www.securityfocus.com/bid/12261?ref=rss http://www.securityfocus.com/bid/11491?ref=rss http://www.securityfocus.com/bid/11492?ref=rss http://www.securityfocus.com/bid/11533?ref=rss http://www.securityfocus.com/bid/12195?ref=rss Can these please be applied to all relevant kernels? SUSE and Ubuntu already have fixed kernels released.
http://www.securityfocus.com/bid/12261?ref=rss is CAN-2005-0003, Gentoo bug 72452, resolved http://www.securityfocus.com/bid/11491?ref=rss http://www.securityfocus.com/bid/11492?ref=rss are CAN-2004-0814, Gentoo bug 68421, resolved http://www.securityfocus.com/bid/12195?ref=rss is CAN-2005-0504, Gentoo bug 77094, under correction http://www.securityfocus.com/bid/11533?ref=rss is a NO-CAN reiserfs localdos, fixed in 2.6.9 So we'll restrict this to only the reiserfs local dos for which I can't find a duplicate: ============================================================== The Linux kernel is affected by a local denial of service vulnerability in its ReiserFS file system functionality. This issue is due to a failure of the application to properly handle files under certain conditions. An attacker may leverage this issue to trigger a livelock in the affected file system, forcing a user to restart the computer to return it to proper functionality. ============================================================== Fixed in vanilla 2.6.9
So... in light of this can we mask xfs utils on ppc64 for anything lower than 2.6.11-r6?
woopse wrong bug ;-)
Closing bug as fixed; all the issues reported here have already been dealt with in other bugs; and SecurityFocus has no cross-references or details about the reiserfs issue so we can't do anything about that, and all kernels should be >= 2.6.9 by now anyway...