Linux 2.6.22.8 has been released.
It consists of one patch for a security vulnerability.
|
Linux Kernel ptrace Single Step "CS" Null Pointer Dereference (Not Critical)
|
Linux Kernel "ieee80211_rx()" Denial of Service Vulnerability (Less Critical)
|
Linux Kernel CIFS "SendReceive()" Buffer Overflow (Less Critical)
|
Linux 2.6.23.8 has been released.
It consists of fixes for two security vulnerabilities:
|
Linux Kernel "isdn_net_setcfg()" Buffer Overflow Vulnerability
|
Linux Kernel "do_coredump()" Information Disclosure
|
Linux Kernel "mmap_min_addr" Security Bypass
|
Linux 2.6.23.10 has been released.
It addresses several bugs, at least one of which is a security vulnerability:
Code:
hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)
EDIT: Please note that 2.6.23.11 was released less than 10 hours later. |
Linux 2.6.23.14 has been released.
It solely consists of a patch for a security vulnerability.
|
Linux Kernel minix File System Denial of Service Vulnerability
|
Linux Kernel CHRP Denial of Service Security Issue
|
Linux 2.6.24.1 has been released.
It includes several bugfixes, including two which address security vulnerabilities.
EDIT #1: For whatever reason, the 2.6.24.2 update which was released shortly after did not include a CVE ID in the ChangeLog.
EDIT #2: Here's the Secunia Advisory, which also includes CVE-2008-0600. |
Linux 2.6.25.1 has been released.
It includes fixes for a couple of security vulnerabilities.
|
Linux 2.6.25.2 has been released.
It consists solely of a patch for an SMP security issue.
|
Linux Kernel Multiple Vulnerabilities
|
Linux Kernel Unspecified Vulnerability
|
Linux 2.6.25.5 has been released.
It consists of a single patch for a security vulnerability.
|
Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
|
Linux Kernel x86_64 ptrace Local Memory Corruption Vulnerability
No CVE ID appears in the 2.6.25.10 ChangeLog.
|
TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
Another one without a CVE mentioned in the 2.6.25.10 ChangeLog.
|
Linux Kernel "snd_seq_oss_synth_make_info()" Information Disclosure
EDIT: Note that stable version 2.6.26.2 was released today, and it includes a patch for this. |
Linux Kernel 'uvc_driver.c' Format Descriptor Parsing Buffer Overflow Vulnerability
Seems 2.6.26.1 did include at least one security patch, which I missed (partly for reasons discussed here).
So I'm posting this late notice only for completeness' sake. =/
|
Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability
|
Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
|
Linux Kernel s390 ptrace Local Denial of Service
|
Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
|
Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation
|
Linux 2.6.26.6 has been released. AFAICT, it includes at least two security fixes. One for the previously mentioned CVE-2008-1514, and one for a SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability.
|
Linux Kernel DRM_I915_HWS_ADDR IOCTL Privilege Escalation
|
Linux 2.6.27.3 has been released.
It includes the fix for CVE-2008-3831 (mentioned above), and at least one more security-related fix:
Code:
security: avoid calling a NULL function pointer in drivers/video/tvaudio.c |
Linux 2.6.27.4 has been released.
It includes at least one security vulnerability fix:
Code:
ext[234]: Avoid printk floods in the face of directory corruption |
Linux 2.6.27.6 has been released.
It addresses at least one security vulnerability:
|
Linux 2.6.27.7 has been released.
It addresses at least one security vulnerability:
|
Linux Kernel "sendmsg()" Garbage Collector Denial of Service
|
Linux Kernel PARISC "parisc_show_stack()" Denial of Service
|
Linux 2.6.27.8 has been released.
|
Linux 2.6.27.9 has been released.
It includes at least one security fix.
|
Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue
|
Linux Kernel "keyctl_join_session_keyring()" Denial of Service
|
Linux Kernel dell_rbu Denial of Service Security Issues
|
Linux Kernel Denial of Service Vulnerabilities
|
Linux Kernel Console Selection Local Privilege Escalation Vulnerability
|
PS. Thanks for posting these win32sux. As my distro of choice doesn't tend to update the kernel except in the most severe cases, I find your announcements here invaluable. |
Yeah, you have my gratitude as well. Keep up the good work win32sux!
|
Linux Kernel Kprobe Memory Corruption Vulnerability
Glad to be of service, guys! :)
|
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
|
Linux Kernel SysKonnect FDDI Driver Statistics Reset Security Bypass
|
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
|
Gotta love sidux, slh keeps the kernel updated.
2.6.28-7.slh.1-sidux-686 |