Linux Kernel SMP "/proc" Race Condition Denial of Service (Not Critical)
Quote:
This is CVE-2006-2629. |
Linux 2.6.16.21 and 2.6.17.1 have been released. Both releases address security issues.
Regarding 2.6.16.21: The ChangeLog shows it consists of 4 patches, 3 of which have CVE IDs: Quote:
Quote:
Quote:
Regarding 2.6.17.1: The ChangeLog shows it consists of a patch for CVE-2006-3085: Quote:
|
Linux 2.6.16.23 and 2.6.17.3 have been released.
Both releases address a Netfilter vulnerability: Quote:
ChangeLogs: 2.6.16.23, 2.6.17.3. |
Linux 2.6.16.24 and 2.6.17.4 have been released.
Both releases address a core dump handling vulnerability: Quote:
ChangeLogs: 2.6.16.24, 2.6.17.4. |
Linux 2.6.16.25 and 2.6.17.5 have been released.
Both releases address a /proc vulnerability: Quote:
ChangeLogs: 2.6.16.25, 2.6.17.5. UPDATE: Linux 2.6.16.26 and 2.6.17.6 were released shortly after, to relax the /proc fix a bit. Because this patch isn't in and of itself a vulnerability fix, I will not be making a new post for it (this thread is only for vulnerabilities, not just any bugfixes). Quote:
|
Linux 2.6.16.27 has been released.
It's three patches, one of which addresses a security vulnerability: Quote:
ChangeLog: 2.6.16.27. |
Linux 2.6.17.7 has been released.
It consists of many patches, one of which addresses a security vulnerability: Quote:
ChangeLog: 2.6.17.7. |
Linux Kernel Ext3 Invalid Inode Number Denial of Service
Quote:
NOTE: It seems like 2.6.17.8 addresses this, but it's not entirely clear whether the patch is a temporary workaround or a permanent fix. |
Linux 2.4.33 has been released.
It consists of a great deal of maintenance patches over 2.4.32, several of which address security vulnerabilities. Here's the essence, as far as patches with CVE IDs are concerned: Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
NOTE: I realize it might be a little odd to see the 2.4.x kernel make it into this thread. But considering that 2.4.x is still in such wide use, I feel it's important we post vulnerability reports for it also. Furthermore, the release of 2.4.33 seems like the perfect time to start doing so IMHO. |
Linux Kernel UDF Truncation Denial of Service (Not Critical)
Quote:
|
Linux 2.6.17.9 has been released.
It consists of a single patch for a PowerPC vulnerability: Quote:
|
Linux 2.4.33.1 has been released.
It includes a patch for the PowerPC vulnerability, as well as one for CVE-2006-1528. The ChangeLog is here. |
Linux 2.4.33.2 has been released.
It includes a patch for CVE-2006-3745 (SCTP local privilege elevation). The ChangeLog is here. |
Linux 2.6.17.10 has been released.
It consists of three patches, two of which have CVE IDs: Quote:
Quote:
The 2.6.17.10 ChangeLog is here. UPDATE: Linux 2.6.17.11 has been released, but because it doesn't seem to include any fixes for security vulnerabilities, a new post here isn't warranted. |
Linux 2.6.16.28 has been released.
It consists of several bugfixes, four of which address security vulnerabilities. From the ChangeLog: Quote:
|