Fedora Legacy Test Update Notification: kernel (rh73 and rh9)

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Feb 21 00:57:04 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-1
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------

Name        : kernel
Versions    : rh7.3: kernel-2.4.20-45.7.legacy
Versions    : rh9: kernel-2.4.20-45.9.legacy
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- a recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages is
included. (CVE-2004-0791)

- flaws in the coda module that allowed denial-of-service attacks
(crashes) or local privilege escalations (CVE-2005-0124)

- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CAN-2005-2490)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)

- a flaw in the packet radio ROSE protocol that allowed a user to
trigger out-of-bounds errors. (CVE-2005-3273)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

rh9:
* Sat Feb 04 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-45.9.legacy
- Removed CVE-2005-3044 patch (it was 64-bit only)
- Fixed CVE-2005-2709 patch
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Fri Feb 03 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.20-44.9.legacy
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0124 (coda fs flaw)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3273 (ROSE ndigis verification)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.