Fedora Legacy Test Update Notification: kernel (fc1)

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Feb 21 00:57:30 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-2
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------

Name        : kernel
Versions    : fc1: kernel-2.4.22-1.2199.7.legacy.nptl
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- a recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages is
included. (CVE-2004-0791)

- flaws in ptrace() syscall handling on AMD64 and Intel EM64T systems
that allowed a local user to cause a denial of service (crash)
(CAN-2005-0756, CAN-2005-1762, CAN-2005-2553)

- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)

- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CAN-2005-2490)

- a flaw in exec() handling on some 64-bit architectures that allowed
a local user to cause a denial of service (crash) (CVE-2005-2708)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)

- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

fc1:
* Fri Feb 17 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.22-1.2199.7.legacy.nptl
- Added patch for CVE-2002-2185 (potential IGMP DoS)

* Thu Feb 02 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
2.4.22-1.2199.6.legacy.nptl
- Added patches for:
  CVE-2004-0791 (source quench DoS)
  CVE-2005-0756 (ptrace-check-segment x86_64 crash)
  CVE-2005-1263 (ELF core dump privilege elevation)
  CVE-2005-1762 (ptrace can induce double-fault on x86_64)
  CVE-2005-2458 (gzip/zlib flaws)
  CVE-2005-2490 (compat layer sendmsg() races)
  CVE-2005-2553 (32-bit ptrace find_target() oops)
  CVE-2005-2708 (user code panics kernel in exec.c)
  CVE-2005-2709 (sysctl races)
  CVE-2005-2973 (ipv6 infinite loop)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3180 (orinoco driver information leakage)
  CVE-2005-3275 (NAT DoS)
  CVE-2005-3276 (sys_get_thread_area minor info leak)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc1:
3e6b7ebfdf1b6c5f075aef36299ce8746f292d40
fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.7.legacy.nptl.athlon.rpm
839072496f51940e258f5611b9cc58007a4d7364
fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.7.legacy.nptl.i586.rpm
79d928006411ff6bffda331d2f2a4c1023b5f26f
fedora/1/updates-testing/i386/kernel-2.4.22-1.2199.7.legacy.nptl.i686.rpm
84b43c2dff417f86a6dcd0266a55b79bddaa99da
fedora/1/updates-testing/i386/kernel-BOOT-2.4.22-1.2199.7.legacy.nptl.i386.rpm
7cc2ce4d1db0f84bc1f8fcec0d988b2d09f322e4
fedora/1/updates-testing/i386/kernel-doc-2.4.22-1.2199.7.legacy.nptl.i386.rpm
178695c22baa53fc78eb3ee5ec60300a75fda9c1
fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.7.legacy.nptl.athlon.rpm
723c08fc887abab70032e3c0dabf2d3331502e67
fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.7.legacy.nptl.i586.rpm
9374c084a20f5610911bfb63e4a607ba1cbd05a2
fedora/1/updates-testing/i386/kernel-smp-2.4.22-1.2199.7.legacy.nptl.i686.rpm
27c171fe901031ac3a7b89cc3e6b38df4b662cdb
fedora/1/updates-testing/i386/kernel-source-2.4.22-1.2199.7.legacy.nptl.i386.rpm
b65085b0eacca6ec4288b00aefeb58a29aae5f83
fedora/1/updates-testing/SRPMS/kernel-2.4.22-1.2199.7.legacy.nptl.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
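
A way to check downloaded packages against a checksum list laid out as above, with each SHA-1 on one line and its path on the next (an added example, not part of the original notification). The function names, the local mirror directory and the demo file are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Verify downloaded packages against an advisory-style SHA-1 list.
# Accepts both layouts: "hash<newline>path" (as wrapped in the mail)
# and the usual one-line "hash  path".

# manifest_to_pairs FILE: print "sha1  path" lines, ignoring other text.
manifest_to_pairs() {
    awk '
        function is_sha1(s) { return length(s) == 40 && s ~ /^[0-9a-f]+$/ }
        NF == 2 && is_sha1($1) { print $1 "  " $2; hash = ""; next }
        NF == 1 && is_sha1($1) { hash = $1; next }
        NF == 1 && hash != ""  { print hash "  " $1; hash = "" }
    ' "$1"
}

# verify_manifest FILE ROOT: check every listed path below ROOT.
# Returns 0 only if all files exist and match; 2 if no entries were parsed.
verify_manifest() {
    manifest=$1
    root=$2
    pairs=$(manifest_to_pairs "$manifest")
    [ -n "$pairs" ] || { echo "no checksum entries found" >&2; return 2; }
    ( cd "$root" && printf '%s\n' "$pairs" | sha1sum -c - )
}

# Demo on constructed data: a fake package file and a matching list.
demo() {
    d=$(mktemp -d) || return 1
    f=updates-testing/i386/example-1.0.i386.rpm   # constructed file name
    mkdir -p "$d/root/updates-testing/i386"
    printf 'constructed payload\n' > "$d/root/$f"
    sum=$(sha1sum "$d/root/$f" | cut -d' ' -f1)
    printf 'fc1:\n%s\n%s\n' "$sum" "$f" > "$d/manifest.txt"
    verify_manifest "$d/manifest.txt" "$d/root"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A missing file counts as a failure, so an incomplete download is reported the same way as a mismatching one.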