Fedora Legacy Test Update Notification: kernel (fc3)

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Feb 21 00:58:21 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-157459-4
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
2006-02-20
---------------------------------------------------------------------

Name        : kernel
Versions    : fc3: kernel-2.6.12-2.3.legacy_FC3
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.

---------------------------------------------------------------------
Update Information:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)

- a race condition in ip_vs_conn_flush that allowed a local user to
cause a denial of service (CVE-2005-3274)

- a flaw in mq_open system call that allowed a local user to cause a
denial of service (crash) (CVE-2005-3356)

- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358)

- a race condition in do_coredump in signal.c that allowed a local user
to cause a denial of service (crash) (CVE-2005-3527)

- a flaw in the auto-reap of child processes that allowed a local user
to cause a denial of service (crash) (CVE-2005-3784)

- a flaw in the POSIX timer cleanup handling that allowed a local user
to cause a denial of service (crash) (CVE-2005-3805)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)

- a memory leak in the VFS file lease handling that allowed a local user
to cause a denial of service (CVE-2005-3807)

- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)

- a flaw in procfs handling that allowed a local user to read kernel
memory (CVE-2005-4605)

- a memory disclosure flaw in dm-crypt that allowed a local user to
obtain sensitive information about a cryptographic key (CVE-2006-0095)

- a flaw while constructing an ICMP response that allowed remote users
to cause a denial of service (crash) (CVE-2006-0454)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.

---------------------------------------------------------------------
Changelogs

fc3:
* Sat Feb 18 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.6.12-2.3.legacy_FC3
- Corrected upstream reference in CVE-2006-0454 patch

* Tue Feb 07 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.6.12-2.2.legacy_FC3
- Added patches for:
  CVE-2002-2185 (IGMP DoS)
  CVE-2005-3527 (do_coredump() vs SIGSTOP race)
  CVE-2005-3805 (POSIX timer cleanup handling on exit locking problem)
  CVE-2006-0095 (dm-crypt key leak)
  CVE-2006-0454 (ICMP route double-free)
  CVE-2005-3807 (memory leak with file leases)

* Fri Jan 27 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.6.12-2.1.legacy_FC3
- Added patches for:
  CVE-2005-2709 (sysctl races)
  CVE-2005-3044 (lost fput and sockfd_put could lead to DoS)
  CVE-2005-3274 (ip_vs_conn_flush race condition DoS)
  CVE-2005-3356 (double decrement of mqueue_mnt->mnt_count in sys_mq_open)
  CVE-2005-3358 (prevent panic caused by invalid arguments to set_mempolicy)
  CVE-2005-3784 (auto-reap DoS)
  CVE-2005-3806 (ipv6 flowlabel DOS)
  CVE-2005-3857 (lease printk DoS)
  CVE-2005-4605 (kernel memory disclosure via /proc exploit)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
b9e37d94319ce74e98aa053d9da798437b979a5e
fedora/3/updates-testing/i386/kernel-2.6.12-2.3.legacy_FC3.i586.rpm
e8698e932795b5a8c9ecc97e95fab42f55d71ac9
fedora/3/updates-testing/i386/kernel-2.6.12-2.3.legacy_FC3.i686.rpm
58e7014a387ef6e17bf9f68d26eb1242a9dab3f2
fedora/3/updates-testing/i386/kernel-doc-2.6.12-2.3.legacy_FC3.noarch.rpm
d09fb6f194558505d8d52fb22a60420cd35a06f1
fedora/3/updates-testing/i386/kernel-smp-2.6.12-2.3.legacy_FC3.i586.rpm
640077c447f1ac5edf5e21000c916bb750006f84
fedora/3/updates-testing/i386/kernel-smp-2.6.12-2.3.legacy_FC3.i686.rpm
3341ee0cc5e61d464a9982a5f96ec802d9121965
fedora/3/updates-testing/x86_64/kernel-2.6.12-2.3.legacy_FC3.x86_64.rpm
58e7014a387ef6e17bf9f68d26eb1242a9dab3f2
fedora/3/updates-testing/x86_64/kernel-doc-2.6.12-2.3.legacy_FC3.noarch.rpm
ab4a29a3ec0bceda378319476b6ce46613805f90
fedora/3/updates-testing/x86_64/kernel-smp-2.6.12-2.3.legacy_FC3.x86_64.rpm
725204fe5e8fb35b54083be1a6757cc8be43cf9d
fedora/3/updates-testing/SRPMS/kernel-2.6.12-2.3.legacy_FC3.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.