lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 06 Dec 2006 12:10:29 -0500
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: rPSA-2006-0226-1 kernel

rPath Security Advisory: 2006-0226-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Local Root Non-deterministic Privilege Escalation
Updated Versions:
    kernel=/conary.rpath.com@rpl:devel//1/2.6.17.14-0.4-1
    kernel=/conary.rpath.com@rpl:devel//1-xen/2.6.16.29-0.11-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
    https://issues.rpath.com/browse/RPL-803
    https://issues.rpath.com/browse/RPL-837

Description:
    Previous versions of the kernel package are vulnerable to a local
    denial of service or privilege escalation attack by unprivileged
    users if any network bridge interface has been configured with more
    than two interfaces.  The attacker can cause the system to crash,
    and is believed to be able to provide arbitrary code that may
    (with undetermined probability) run in kernel context.  Xen dom0
    instances in the default bridging configuration are vulnerable.
    
    Previous versions of the Xen dom0 kernel did not embed the
    firmware for QLogic 2XXX Fibre Channel adapters, disabling Xen
    dom0 on those systems.
    
    This update requires a system reboot to implement the fixes.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists