LinuxQuestions.org
Old 02-24-2007, 07:45 PM   #76
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Linux 2.6.18.8 has been released.


It addresses several security vulnerabilities, and it's likely to be the last patch to hit 2.6.18.y unless something extremely serious comes up.

Quote:
grow_buffers() infinite loop fix (CVE-2006-5757, CVE-2006-6060)

hfs_fill_super returns success even if no root inode (CVE-2006-6056)

Fix incorrect user space access locking in mincore() (CVE-2006-4814)
ChangeLog was not available at the time of this post, but should be here when it is.
 
Old 03-02-2007, 05:06 PM   #77
win32sux
Linux 2.6.16.42 has been released.

It happened last week, but it slipped by me. =/

It includes several bugfixes, including three for security vulnerabilities.
Quote:
fix bad_inode_ops memory corruption (CVE-2006-5753)

Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772)

Keys: Fix key serial number collision handling (CVE-2007-0006)
ChangeLog | Patch
 
Old 03-05-2007, 04:08 PM   #78
win32sux
Linux 2.6.19.6 has been released.

It includes several bugfixes, one of which addresses a security vulnerability. This is quite likely the last 2.6.19.y release, unless something extremely serious is found.
Quote:
fix memory corruption from misinterpreted bad_inode_ops return values (CVE-2006-5753)
ChangeLog | Patch

NOTE: A few hours after, 2.6.19.7 was released, addressing a few issues which slipped past the -stable team. It does not appear to address any vulnerabilities. The ChangeLog for it is here.

Last edited by win32sux; 03-05-2007 at 04:09 PM.
 
Old 03-08-2007, 08:12 PM   #79
win32sux
Linux Kernel Omnikey CardMan 4040 Driver Buffer Overflow (Not Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerability is caused due to boundary errors within the "read()" and "write()" functions of the Omnikey CardMan 4040 driver. This can be exploited to cause a buffer overflow and may allow the execution of arbitrary code with kernel privileges.

The vulnerability is reported in versions prior to 2.6.21-rc3.
Secunia Advisory
 
Old 03-09-2007, 04:10 PM   #80
win32sux
Linux 2.6.20.2 has been released.

It includes a ton of bugfixes, two of which address security vulnerabilities.
Quote:
IPV6: Handle np->opt being NULL in ipv6_getsockopt_sticky() [CVE-2007-1000]

Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
ChangeLog | Patch
 
Old 03-14-2007, 03:05 PM   #81
win32sux
Linux Kernel NULL Pointer Dereferences and Security Bypass

Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

1) NULL pointer dereferences within net/netfilter/nfnetlink_log.c can potentially be exploited to cause a kernel panic by sending specially crafted packets to a vulnerable system.

2) An error exists within conntrack when assembling fragmented IPv6 packets. This can potentially be exploited to bypass certain rulesets that accept ESTABLISHED packets early.

Solution:
Update to version 2.6.20.3.
Secunia Advisory
 
Old 03-23-2007, 01:53 PM   #82
win32sux
Linux Kernel "ipv6_fl_socklist" Denial of Service (Less Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to listening IPv6 TCP sockets incorrectly sharing the "ipv6_fl_socklist" IPv6 flowlist with child sockets. This can be exploited to e.g. cause a kernel crash by performing certain actions on IPv6 TCP sockets.
Secunia Advisory | CVE-2007-1592
 
Old 04-10-2007, 11:40 AM   #83
win32sux
Linux Kernel "atalk_sum_skb()" AppleTalk Denial of Service (Less Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "atalk_sum_skb()" function when creating the checksum of an AppleTalk frame that is shorter than specified in the header. This can be exploited to trigger a "BUG_ON" condition by sending a specially crafted AppleTalk frame to a vulnerable system.

Successful exploitation requires that the AppleTalk kernel module is loaded.

Solution:
Update to version 2.6.20.5.
Secunia Advisory
 
Old 04-25-2007, 11:16 PM   #84
win32sux
Linux Kernel "L2CAP" and "HCI" Information Disclosure (Not Critical)

Quote:
Description:
Two weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The weaknesses are caused due to uninitialised variables within the "hci_sock_setsockopt()" function in net/bluetooth/hci_sock.c and the "l2cap_sock_setsockopt()" function in net/bluetooth/l2cap.c and can potentially be exploited to disclose uninitialised bytes of the kernel stack.

The weaknesses are reported in versions prior to 2.4.34.3.

Solution:
Update to version 2.4.34.3.
Secunia Advisory | CVE-2007-1353
 
Old 04-30-2007, 11:34 AM   #85
win32sux
Linux Kernel IPv6 Type 0 Route Headers Denial of Service (Moderately Critical)

Quote:
Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The security issue is caused due to an error within the processing of packets with IPv6 type 0 route headers. This can be exploited to cause a DoS due to high network traffic by sending specially crafted IPv6 packets to vulnerable systems.

Solution:
Update to version 2.6.20.9 or 2.6.21.
Secunia Advisory | CVE-2007-2242
 
Old 05-01-2007, 01:01 PM   #86
win32sux
Linux Kernel netlink NETLINK_FIB_LOOKUP Denial of Service (Not Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of NETLINK_FIB_LOOKUP reply messages. This can be exploited to cause an infinite recursion, which could result in a stack overflow.

The vulnerability is reported in versions prior to 2.6.20.8. Other versions may also be affected.

Solution:
Update to version 2.6.20.8.
Secunia Advisory
 
Old 05-08-2007, 08:30 AM   #87
win32sux
Linux Kernel PPPoE Socket "PPPIOCGCHAN" Denial of Service (Not Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak when releasing PPPoE sockets after they are connected, but before the "PPPIOCGCHAN" ioctl is called. This can be exploited to cause a DoS due to memory exhaustion.

The vulnerability is reported in versions prior to 2.6.21-git8. Other versions may also be affected.

Solution:
Update to version 2.6.21-git8.
Secunia Advisory
 
Old 05-24-2007, 05:17 PM   #88
win32sux
Linux 2.6.21.3 has been released.

It addresses a GEODE-AES security vulnerability.
Quote:
[PATCH] GEODE-AES: Allow in-place operations [CVE-2007-2451]

Allow in-place crypto operations. Also remove the coherent user flag
(we use it automagically now), and by default use the user written
key rather than the HW hidden key - this makes crypto just work without
any special considerations, and that's OK, since it's our only usage
model.
ChangeLog is here.
 
Old 06-01-2007, 10:45 AM   #89
win32sux
Linux Kernel VFAT IOCTLs Denial of Service (Not Critical)

Quote:
Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to an error within the handling of certain VFAT IOCTLs on 64bit systems, which can be exploited to crash the kernel by calling certain IOCTLs with malicious parameters.

Successful exploitation requires a 64bit-system and vfat and msdos file systems.

Solution:
Update to version 2.6.21.2.
Secunia Advisory | CVE-2007-2878
 
Old 06-08-2007, 05:10 AM   #90
win32sux
Linux 2.6.21.4 has been released.

It is purely a security-fix update, addressing a few vulnerabilities.

Quote:
[PATCH] NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)

[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)

[PATCH] random: fix error in entropy extraction (CVE-2007-2453 1 of 2)

[PATCH] random: fix seeding with zero entropy (CVE-2007-2453 2 of 2)
ChangeLog | Secunia Advisory
 
  

