LinuxQuestions.org
Old 11-19-2006, 05:06 AM   #61
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Linux 2.6.18.3 has been released.


It includes many bugfixes, one of which addresses a security vulnerability:
Quote:
[PATCH] security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2030 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was
already removed in this kernel.
ChangeLog | CVE-2005-4352

Last edited by win32sux; 11-19-2006 at 05:19 AM.
 
Old 11-20-2006, 02:48 PM   #62
win32sux
Linux 2.4.33.4 has been released.

It includes several bugfixes, at least one of which addresses a security vulnerability:
Quote:
Backport fix for CVE-2006-4997 to 2.4 tree
ChangeLog | CVE-2006-4997
 
Old 11-30-2006, 12:39 AM   #63
win32sux
Linux 2.6.18.4 has been released.

It consists of a single patch addressing a security vulnerability:
Quote:
[PATCH] bridge: fix possible overflow in get_fdb_entries (CVE-2006-5751)

Make sure to properly clamp maxnum to avoid overflow (CVE-2006-5751).
ChangeLog | CVE-2006-5751


BTW: Seems I once again missed a 2.6.16.y security fix release. 2.6.16.33 was released November 22 and included a patch for CVE-2005-4352.

Last edited by win32sux; 11-30-2006 at 12:51 AM.
 
Old 12-09-2006, 07:03 AM   #64
win32sux
Linux Kernel "ip_summed" Memory Corruption Vulnerability (Less Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory corruption in drivers/net/tokenring/ibmtr.c, which can be exploited to cause a DoS by sending a specially crafted packet to a vulnerable system.

The vulnerability is reported in Linux Kernel 2.6.19.

Solution:
A patch is available in the GIT repository.
Secunia Advisory
 
Old 12-09-2006, 07:11 AM   #65
win32sux
Linux 2.6.16.35 has been released.

It includes many bugfixes, one of which addresses a security vulnerability:
Quote:
bridge: fix possible overflow in get_fdb_entries (CVE-2006-5751)

Make sure to properly clamp maxnum to avoid overflow (CVE-2006-5751).
ChangeLog | CVE-2006-5751
 
Old 12-12-2006, 05:53 AM   #66
win32sux
Linux 2.6.19.1 has been released.

It includes several bugfixes, one of which addresses a security vulnerability:
Quote:
[PATCH] do_coredump() and not stopping rewrite attacks? (CVE-2006-6304)
Changelog | CVE-2006-6304
 
Old 12-16-2006, 05:53 PM   #67
win32sux
Linux 2.4.33.5 has been released.

It consists of a few bugfixes, one of which addresses a security vulnerability:
Quote:
[Bluetooth] Add packet size checks for CAPI messages (CVE-2006-6106)
ChangeLog | CVE-2006-6106
 
Old 12-18-2006, 09:52 PM   #68
win32sux
Linux 2.6.18.6 has been released.

It consists of a few bugfixes, one of which addresses a security vulnerability:
Quote:
Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)
Changelog | CVE-2006-6106
 
Old 12-19-2006, 09:45 PM   #69
win32sux
Linux 2.4.33.6 has been released.

It consists of two bugfixes, one of which addresses a security vulnerability:
Quote:
Fix incorrect user space access locking in mincore() (CVE-2006-4814)
ChangeLog | CVE-2006-4814
 
Old 12-23-2006, 04:59 PM   #70
win32sux
Linux 2.4.33.7 has been released.

It consists of a single patch addressing a security vulnerability:
Quote:
Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)
ChangeLog | CVE-2006-5749
 
Old 01-10-2007, 06:16 PM   #71
win32sux
Linux 2.6.19.2 has been released.

It includes many bugfixes, including Linus Torvalds' much anticipated data corruption fix.

Of course, several security issues are also addressed:
Quote:
Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)

handle ext3 directory corruption better (CVE-2006-6053)

corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)

ext2: skip pages past number of blocks in ext2_find_entry (CVE-2006-6054)

Fix incorrect user space access locking in mincore() (CVE-2006-4814)
ChangeLog | Tarball | Patch

Last edited by win32sux; 01-10-2007 at 07:38 PM.
 
Old 01-27-2007, 09:21 PM   #72
win32sux
Linux 2.6.16.38 has been released (01/20/2007).

It includes several bugfixes, at least ten of which address security vulnerabilities:
Quote:
corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)

handle ext3 directory corruption better (CVE-2006-6053)

ext2: skip pages past number of blocks in ext2_find_entry (CVE-2006-6054)

hfs_fill_super returns success even if no root inode (CVE-2006-6056)

x86_64: Don't leak NT bit into next task (CVE-2006-5755)

Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)

grow_buffers() infinite loop fix (CVE-2006-5757/CVE-2006-6060)

i386: save/restore eflags in context switch (CVE-2006-5173)

Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)

Fix incorrect user space access locking in mincore() (CVE-2006-4814)
 
Old 01-31-2007, 04:28 PM   #73
win32sux
Linux Kernel "listxattr" Memory Corruption Vulnerability (Less Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

The vulnerability is caused due to an error within the "listxattr" system call when interpreting "bad_inode_ops" return values, which can be exploited to cause a memory corruption.

Successful exploitation requires a bad inode.

Solution:
The vulnerability is fixed in version 2.6.20-rc4.
Secunia Advisory | CVE-2006-5753
 
Old 02-13-2007, 10:25 PM   #74
win32sux
Linux Kernel "key_alloc_serial()" Denial of Service (Not Critical)

Quote:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference within the "key_alloc_serial()" function, which can be exploited to crash the Kernel.
Secunia Advisory | CVE-2007-0006
 
Old 02-20-2007, 04:54 AM   #75
win32sux
Linux 2.6.20.1 has been released.

It consists of a single patch over 2.6.20, addressing a security issue.
Quote:
[PATCH] Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772)

Due to type confusion, when an nfsacl version 2 'ACCESS' request
finishes and tries to clean up, it calls fh_put on entirely the
wrong thing and this can cause an oops.
ChangeLog | CVE-2007-0772 | Secunia Advisory


NOTE: The 2.6.18.y and 2.6.19.y branches were also patched for this issue:

ChangeLog for 2.6.18.7 | ChangeLog for 2.6.19.4

Last edited by win32sux; 02-20-2007 at 01:12 PM.
 
All times are GMT -5. The time now is 06:54 PM.