| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 06 Dec 2006 12:10:29 -0500
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2006-0226-1 kernel
rPath Security Advisory: 2006-0226-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local Root Non-deterministic Privilege Escalation
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.17.14-0.4-1
kernel=/conary.rpath.com@rpl:devel//1-xen/2.6.16.29-0.11-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
https://issues.rpath.com/browse/RPL-803
https://issues.rpath.com/browse/RPL-837
Description:
Previous versions of the kernel package are vulnerable to a local
denial of service or privilege escalation attack by unprivileged
users if any network bridge interface has been configured with more
than two interfaces. The attacker can cause the system to crash,
and is believed to be able to provide arbitrary code that may
(with undetermined probability) run in kernel context. Xen dom0
instances in the default bridging configuration are vulnerable.
Previous versions of the Xen dom0 kernel did not embed the
firmware for QLogic 2XXX Fibre Channel adapters, disabling Xen
dom0 on those systems.
This update requires a system reboot to implement the fixes.
Powered by blists - more mailing lists