[<prev] [next>] [day] [month] [year] [list]
Message-ID: <441A0890.6080903@videotron.ca>
Date: Fri Mar 17 00:52:02 2006
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Subject: [FLSA-2006:157459-3] Updated kernel packages fix
security issues
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:157459-3
Issue date: 2006-03-16
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2002-2185 CVE-2005-0756 CVE-2005-1761
CVE-2005-1762 CVE-2005-1763 CVE-2005-0839
CVE-2005-0867 CVE-2005-0937 CVE-2005-0977
CVE-2005-1041 CVE-2005-1263 CVE-2005-1264
CVE-2005-1265 CVE-2005-1368 CVE-2005-1369
CVE-2005-2098 CVE-2005-2099 CVE-2005-2456
CVE-2005-2555 CVE-2005-2458 CVE-2005-2490
CVE-2005-2492 CVE-2005-2709 CVE-2005-2800
CVE-2005-2801 CVE-2005-2872 CVE-2005-2973
CVE-2005-3044 CVE-2005-3053 CVE-2005-3106
CVE-2005-3109 CVE-2005-3110 CVE-2005-3180
CVE-2005-3181 CVE-2005-3274 CVE-2005-3275
CVE-2005-3276 CVE-2005-3356 CVE-2005-3358
CVE-2005-3784 CVE-2005-3805 CVE-2005-3806
CVE-2005-3807 CVE-2005-3848 CVE-2005-3857
CVE-2005-3858 CVE-2005-4605 CVE-2006-0095
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated kernel packages that fix several security issues are now
available.
The Linux kernel handles the basic functions of the operating system.
2. Relevant releases/architectures:
Fedora Core 2 - i386
3. Problem description:
These new kernel packages contain fixes for the security issues
described below:
- a flaw in network IGMP processing that a allowed a remote user on the
local network to cause a denial of service (disabling of multicast
reports) if the system is running multicast applications (CVE-2002-2185)
- flaws in ptrace() syscall handling on 64-bit systems that allowed a
local user to cause a denial of service (crash) (CVE-2005-0756,
CVE-2005-1761, CVE-2005-1762, CVE-2005-1763)
- a flaw when setting the line discipline on a serial tty that allowed a
local user to inject mouse movements or keystrokes when another user is
logged in. (CVE-2005-0839)
- an integer overflow flaw when writing to a sysfs file that allowed a
local user to overwrite kernel memory, causing a denial of service
(system crash) or arbitrary code execution. (CVE-2005-0867)
- a flaw in the futex functions that allowed a local user to cause a
denial of service (system crash). (CVE-2005-0937)
- a flaw in the tmpfs file system that allowed a local user to cause a
denial of service (system crash). (CVE-2005-0977)
- a flaw in the fib_seq_start function that allowed a local user to
cause a denial of service (system crash) via /proc/net/route.
(CVE-2005-1041)
- a flaw between execve() syscall handling and core dumping of
ELF-format executables allowed local unprivileged users to cause a
denial of service (system crash) or possibly gain privileges
(CVE-2005-1263)
- a flaw in the servicing of a raw device ioctl that allowed a local
user who has access to raw devices to write to kernel memory and cause a
denial of service or potentially gain privileges (CVE-2005-1264)
- a flaw that prevented the topdown allocator from allocating mmap areas
all the way down to address zero (CVE-2005-1265)
- a flaw in the key_user_lookup function in security/keys/key.c that
allowed a user to cause a denial of service (crash) (CVE-2005-1368)
- a flaw in the it87 and via686a drivers in I2C that allowed a locl user
to cause a denial of service (crash) (CVE-2005-1369)
- flaws dealing with keyrings that could cause a local denial of service
(CVE-2005-2098, CVE-2005-2099)
- flaws in IPSEC network handling that allowed a local user to cause a
denial of service or potentially gain privileges (CVE-2005-2456,
CVE-2005-2555)
- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458)
- a flaw in sendmsg() syscall handling on 64-bit systems that allowed
a local user to cause a denial of service or potentially gain
privileges (CVE-2005-2490)
- a flaw in sendmsg() syscall handling that allowed a local user to
cause a denial of service by altering hardware state (CVE-2005-2492)
- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709)
- a flaw in the SCSI procfs interface that allowed a local user to cause
a denial of service (crash) (CVE-2005-2800)
- a xattr sharing bug in the ext2 and ext3 file systems that could cause
default ACLs to disappear (CVE-2005-2801)
- a flaw in the ipt_recent module on 64-bit architectures which could
allow a remote denial of service (CVE-2005-2872)
- a flaw in IPv6 network UDP port hash table lookups that allowed a
local user to cause a denial of service (hang) (CVE-2005-2973)
- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044)
- a flaw in the set_mempolicy system call that allowed a local user to
cause a denial of service (system panic). (CVE-2005-3053)
- a race condition when threads share memory mapping that allowed local
users to cause a denial of service (deadlock) (CVE-2005-3106)
- a flaw when trying to mount a non-hfsplus filesystem using hfsplus
that allowed local users to cause a denial of service (crash)
(CVE-2005-3109)
- a race condition in the ebtables netfilter module that may allow
remote attackers to cause a denial of service (crash) on a SMP system
that is operating under a heavy load (CVE-2005-3110)
- a network buffer info leak using the orinoco driver that allowed
a remote user to possibly view uninitialized data (CVE-2005-3180)
- a memory leak was found in the audit system that allowed an
unprivileged local user to cause a denial of service. (CVE-2005-3181)
- a race condition in ip_vs_conn_flush that allowed a local user to
cause a denial of service (CVE-2005-3274)
- a flaw in IPv4 network TCP and UDP netfilter handling that allowed
a local user to cause a denial of service (crash) (CVE-2005-3275)
- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276)
- a flaw in mq_open system call that allowed a local user to cause a
denial of service (crash) (CVE-2005-3356)
- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358)
- a flaw in the auto-reap of child processes that allowed a local user
to cause a denial of service (crash) (CVE-2005-3784)
- a flaw in the POSIX timer cleanup handling that allowed a local user
to cause a denial of service (crash) (CVE-2005-3805)
- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806)
- a memory leak in the VFS file lease handling that allowed a local user
to cause a denial of service (CVE-2005-3807)
- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848)
- a flaw in file lease time-out handling that allowed a local user to
cause a denial of service (log file overflow) (CVE-2005-3857)
- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858)
- a flaw in procfs handling that allowed a local user to read kernel
memory (CVE-2005-4605)
- a memory disclosure flaw in dm-crypt that allowed a local user to
obtain sensitive information about a cryptographic key (CVE-2006-0095)
All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as listed
in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To install kernel packages manually, use "rpm -ivh <package>" and modify
system settings to boot the kernel you have installed. To do this, edit
/boot/grub/grub.conf and change the default entry to "default=0" (or, if
you have chosen to use LILO as your boot loader, edit /etc/lilo.conf and
run lilo)
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
Note that this may not automatically pull the new kernel in if you have
configured apt/yum to ignore kernels. If so, follow the manual
instructions above.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157459
6. RPMs required:
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/kernel-2.6.10-2.3.legacy_FC2.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-doc-2.6.10-2.3.legacy_FC2.noarch.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-sourcecode-2.6.10-2.3.legacy_FC2.noarch.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i586.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i586.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i686.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i686.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
68999cdecf0bb3c6cda09edbe2cedd57fff709ad
fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i586.rpm
85de0ac6c22acb127c7bfae0c8b6e8067fd60442
fedora/2/updates/i386/kernel-2.6.10-2.3.legacy_FC2.i686.rpm
631a71b16611758af3db18da17205422deb41c30
fedora/2/updates/i386/kernel-doc-2.6.10-2.3.legacy_FC2.noarch.rpm
6f5010188ca24a79d5fb6323a687c5cdc9611d24
fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i586.rpm
4beec907750088ff917855a7e5ec8a31bb752358
fedora/2/updates/i386/kernel-smp-2.6.10-2.3.legacy_FC2.i686.rpm
1a33e38fa69b09fb80e6a5d334aad72e963820eb
fedora/2/updates/i386/kernel-sourcecode-2.6.10-2.3.legacy_FC2.noarch.rpm
85eee44769a3a0ca55221b93d9386563798961a7
fedora/2/updates/SRPMS/kernel-2.6.10-2.3.legacy_FC2.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0095
9. Contact:
The Fedora Legacy security contact is <secnotice@...oralegacy.org>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060316/489c104e/signature.bin
Powered by blists - more mailing lists