LinuxQuestions.org

Linux - Security > Kernel Vulns (https://www.linuxquestions.org/questions/linux-security-4/kernel-vulns-399624/)

win32sux 11-19-2006 05:06 AM

Linux 2.6.18.3 has been released.
 
It includes many bugfixes, one of which addresses a security vulnerability:
Quote:

[PATCH] security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2030 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was
already removed in this kernel.
ChangeLog | CVE-2005-4352
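The wrap the seclvl patch describes, as an added worked example (not part of win32sux's post and not the kernel's seclvl.c). It models the initlvl=2 "cannot decrement" check before and after the fix on a 32-bit signed time_t; the 2031-01-01 UTC cutoff value (1924992000) and the sample clock values are my assumptions, chosen only to illustrate "no date after 2030".

```c
/* Model of the seclvl initlvl=2 settime check and the CVE-2005-4352 wrap.
 * Added example, not kernel code. Assumes a 32-bit signed time_t and a
 * cutoff of 2031-01-01 00:00:00 UTC for the "no date after 2030" rule. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define TIME_MAX    INT32_MAX     /* 2038-01-19 03:14:07 UTC, the wrap point */
#define CUTOFF_2031 1924992000    /* assumed cutoff: 2031-01-01 UTC */

/* Before the fix: only a move backwards is refused. */
static int settime_vulnerable(int32_t now, int32_t requested)
{
    if (requested < now)
        return -EPERM;
    return 0;
}

/* After the fix: a move backwards is refused, and so is any time past the
 * cutoff, which keeps the clock well away from the 2038 wrap. */
static int settime_fixed(int32_t now, int32_t requested)
{
    if (requested < now)
        return -EPERM;
    if (requested > CUTOFF_2031)
        return -EPERM;
    return 0;
}

/* One second of wall-clock time passing, with 32-bit two's complement
 * wraparound (done in unsigned arithmetic so the wrap is well defined). */
static int32_t tick(int32_t t)
{
    return (int32_t)((uint32_t)t + 1u);
}

/* The attack: push the clock to TIME_MAX, let it tick across the wrap to
 * INT32_MIN (1901), then "increment" it to an arbitrary earlier date.
 * Returns the clock value the system ends up with. */
static int32_t attack(int (*settime)(int32_t, int32_t), int32_t start, int32_t target)
{
    int32_t now = start;

    if (settime(now, TIME_MAX) != 0)
        return now;                 /* refused: clock untouched */
    now = tick(TIME_MAX);           /* wraps to INT32_MIN */
    if (settime(now, target) == 0)  /* target >= INT32_MIN, so "not a decrement" */
        now = target;
    return now;
}

int main(void)
{
    const int32_t start  = 1163900000; /* constructed: a date in Nov 2006 */
    const int32_t target = 1000000000; /* constructed: a date in Sep 2001 */

    printf("direct decrement refused: %d\n", settime_vulnerable(start, target) == -EPERM);
    printf("vulnerable: %d -> %d\n", start, attack(settime_vulnerable, start, target));
    printf("fixed:      %d -> %d\n", start, attack(settime_fixed, start, target));
    return 0;
}
```

The point of the example is that the check compares the requested value against the current one, so the guarantee only holds while the clock cannot pass the top of its range; refusing any value near the wrap is what restores it.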

win32sux 11-20-2006 02:48 PM

Linux 2.4.33.4 has been released
 
It includes several bugfixes, at least one of which addresses a security vulnerability:
Quote:

Backport fix for CVE-2006-4997 to 2.4 tree
ChangeLog | CVE-2006-4997

win32sux 11-30-2006 12:39 AM

Linux 2.6.18.4 has been released.
 
It consists of a single patch addressing a security vulnerability:
Quote:

[PATCH] bridge: fix possible overflow in get_fdb_entries (CVE-2006-5751)

Make sure to properly clamp maxnum to avoid overflow (CVE-2006-5751).
ChangeLog | CVE-2006-5751


BTW: Seems I once again missed a 2.6.16.y security fix release. 2.6.16.33 was released November 22 and included a patch for CVE-2005-4352.

win32sux 12-09-2006 07:03 AM

Linux Kernel "ip_summed" Memory Corruption Vulnerability (Less Critical)
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory corruption in drivers/net/tokenring/ibmtr.c, which can be exploited to cause a DoS by sending a specially crafted packet to a vulnerable system.

The vulnerability is reported in Linux Kernel 2.6.19.

Solution:
A patch is available in the GIT repository.
Secunia Advisory

win32sux 12-09-2006 07:11 AM

Linux 2.6.16.35 has been released.
 
It includes many bugfixes, one of which addresses a security vulnerability:
Quote:

bridge: fix possible overflow in get_fdb_entries (CVE-2006-5751)

Make sure to properly clamp maxnum to avoid overflow (CVE-2006-5751).
ChangeLog | CVE-2006-5751
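The "clamp maxnum to avoid overflow" fix quoted in this post and in the 2.6.18.4 post above, as an added worked example (not part of either post and not the bridge code itself). It is a simplified model of the get_fdb_entries allocation-size calculation: the struct is a stand-in of the same 16-byte size as the kernel's __fdb_entry, a 32-bit size_t is modelled with uint32_t, and PAGE_SIZE is assumed to be 4096. The ordering of the check relative to the multiplication is the whole bug.

```c
/* Model of the CVE-2006-5751 integer overflow in the bridge's
 * get_fdb_entries ioctl path. Added example: a simplified stand-in, not
 * net/bridge/br_ioctl.c. Assumes a 32-bit size_t and a 4096-byte page. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u

/* Same size as the kernel's 16-byte __fdb_entry: 6-byte MAC, port, flag, two u32. */
struct fdb_entry {
    uint8_t  mac_addr[6];
    uint8_t  port_no;
    uint8_t  is_local;
    uint32_t ageing_timer_value;
    uint32_t unused;
};

#define ENTRY_SIZE   ((uint32_t)sizeof(struct fdb_entry))
#define MAX_PER_PAGE (PAGE_SIZE / ENTRY_SIZE)      /* 256 entries */

struct plan {
    uint32_t alloc_size;   /* bytes the buffer would be allocated with */
    uint32_t copy_count;   /* entries the copy loop would write into it */
};

/* Before the fix: the size is computed from the user-supplied maxnum and
 * only then compared against PAGE_SIZE. A maxnum large enough to wrap the
 * multiplication yields a tiny size that passes the check while maxnum
 * itself stays huge, so the copy runs far past the allocation. */
static struct plan plan_vulnerable(uint32_t maxnum)
{
    struct plan p;

    p.alloc_size = maxnum * ENTRY_SIZE;          /* 32-bit wrap here */
    if (p.alloc_size > PAGE_SIZE) {
        p.alloc_size = PAGE_SIZE;
        maxnum = MAX_PER_PAGE;
    }
    p.copy_count = maxnum;
    return p;
}

/* After the fix: clamp the count first, so the multiplication cannot wrap
 * and size and count always agree. */
static struct plan plan_fixed(uint32_t maxnum)
{
    struct plan p;

    if (maxnum > MAX_PER_PAGE)
        maxnum = MAX_PER_PAGE;
    p.alloc_size = maxnum * ENTRY_SIZE;
    p.copy_count = maxnum;
    return p;
}

/* A plan is a heap overflow if the copy writes more entries than fit. */
static int overflows(struct plan p)
{
    return p.copy_count > p.alloc_size / ENTRY_SIZE;
}

int main(void)
{
    /* constructed: 0x10000001 * 16 = 0x100000010, which wraps to 16 in 32 bits */
    uint32_t evil = 0x10000001u;
    struct plan v = plan_vulnerable(evil);
    struct plan f = plan_fixed(evil);

    printf("vulnerable: alloc %u bytes, copy %u entries, overflow=%d\n",
           v.alloc_size, v.copy_count, overflows(v));
    printf("fixed:      alloc %u bytes, copy %u entries, overflow=%d\n",
           f.alloc_size, f.copy_count, overflows(f));
    return 0;
}
```

The general rule this illustrates: validate the multiplicand, not the product, whenever an allocation size is derived from a caller-controlled count.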

win32sux 12-12-2006 05:53 AM

Linux 2.6.19.1 has been released.
 
It includes several bugfixes, one of which addresses a security vulnerability:
Quote:

[PATCH] do_coredump() and not stopping rewrite attacks? (CVE-2006-6304)
Changelog | CVE-2006-6304

win32sux 12-16-2006 05:53 PM

Linux 2.4.33.5 has been released.
 
It consists of a few bugfixes, one of which addresses a security vulnerability:
Quote:

[Bluetooth] Add packet size checks for CAPI messages (CVE-2006-6106)
ChangeLog | CVE-2006-6106

win32sux 12-18-2006 09:52 PM

Linux 2.6.18.6 has been released.
 
It consists of a few bugfixes, one of which addresses a security vulnerability:
Quote:

Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)
Changelog | CVE-2006-6106
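The kind of "packet size check" the CAPI fix in this post and the 2.4.33.5 post above refers to, as an added worked example (not part of either post and not the kernel's Bluetooth CMTP code). It assumes the CAPI 2.0 wire layout: an 8-byte base header of little-endian fields (Length, ApplID, Command, Subcommand, MsgNum) followed by a 32-bit Controller/PLCI/NCCI field, which the example treats as mandatory; the LISTEN_REQ bytes and the stale-buffer fill are constructed.

```c
/* Bounds-checked CAPI message parsing, in the spirit of the size checks
 * added for CVE-2006-6106. Added example; the code is not the kernel's.
 * Assumes CAPI 2.0: 8-byte little-endian base header (Length u16,
 * ApplID u16, Command u8, Subcommand u8, MsgNum u16) then a u32
 * Controller/PLCI/NCCI field, treated here as mandatory. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAPI_MSG_BASELEN 8
#define CAPI_MIN_LEN     (CAPI_MSG_BASELEN + 4)
#define RX_BUF_SIZE      64

struct capi_msg {
    uint16_t length, appl_id, msg_num;
    uint8_t  command, subcommand;
    uint32_t controller;
};

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void decode(const uint8_t *p, struct capi_msg *m)
{
    m->length     = get_le16(p);
    m->appl_id    = get_le16(p + 2);
    m->command    = p[4];
    m->subcommand = p[5];
    m->msg_num    = get_le16(p + 6);
    m->controller = get_le32(p + 8);
}

/* Vulnerable pattern: decode fixed offsets without looking at how many
 * bytes actually arrived. On a short packet the fields come from whatever
 * lies beyond the received data. */
static int parse_unchecked(const uint8_t *buf, size_t received, struct capi_msg *m)
{
    (void)received;
    decode(buf, m);
    return 0;
}

/* Hardened: enough bytes for the base header, a Length field that neither
 * understates the minimum message nor overstates what was received, and
 * only then are the offsets dereferenced. */
static int parse_checked(const uint8_t *buf, size_t received, struct capi_msg *m)
{
    uint16_t length;

    if (received < CAPI_MSG_BASELEN)
        return -EINVAL;
    length = get_le16(buf);
    if (length < CAPI_MIN_LEN || length > received)
        return -EINVAL;
    decode(buf, m);
    return 0;
}

/* Models a receive buffer whose bytes past the packet are stale (filled
 * with 0x41, a constructed marker) and hands the packet to a parser. */
static int receive(int (*parse)(const uint8_t *, size_t, struct capi_msg *),
                   const uint8_t *pkt, size_t n, struct capi_msg *m)
{
    uint8_t rx[RX_BUF_SIZE];

    memset(rx, 0x41, sizeof rx);
    if (n > sizeof rx)
        n = sizeof rx;
    memcpy(rx, pkt, n);
    return parse(rx, n, m);
}

/* Constructed 12-byte LISTEN_REQ: Length 12, ApplID 1, Command 0x05,
 * Subcommand 0x80, MsgNum 42, Controller 1. */
static const uint8_t LISTEN_REQ[12] = {
    0x0c, 0x00, 0x01, 0x00, 0x05, 0x80, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00
};
/* Constructed: the same message with a Length field claiming 200 bytes. */
static const uint8_t LYING_LENGTH[12] = {
    0xc8, 0x00, 0x01, 0x00, 0x05, 0x80, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00
};

int main(void)
{
    struct capi_msg m;

    receive(parse_unchecked, LISTEN_REQ, 5, &m);
    printf("unchecked, 5 bytes: msg_num=%u controller=0x%08x (stale bytes)\n",
           m.msg_num, m.controller);
    printf("checked, 5 bytes: rc=%d\n", receive(parse_checked, LISTEN_REQ, 5, &m));
    printf("checked, lying Length: rc=%d\n", receive(parse_checked, LYING_LENGTH, 12, &m));
    if (receive(parse_checked, LISTEN_REQ, 12, &m) == 0)
        printf("checked, full packet: appl=%u msg_num=%u controller=%u\n",
               m.appl_id, m.msg_num, m.controller);
    return 0;
}
```

Both directions of the Length check matter: a field smaller than the header lets later arithmetic underflow, and one larger than the received byte count lets any loop driven by it read past the packet.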

win32sux 12-19-2006 09:45 PM

Linux 2.4.33.6 has been released.
 
It consists of two bugfixes, one of which addresses a security vulnerability:
Quote:

Fix incorrect user space access locking in mincore() (CVE-2006-4814)
ChangeLog | CVE-2006-4814

win32sux 12-23-2006 04:59 PM

Linux 2.4.33.7 has been released.
 
It consists of a single patch addressing a security vulnerability:
Quote:

Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)
ChangeLog | CVE-2006-5749

win32sux 01-10-2007 06:16 PM

Linux 2.6.19.2 has been released.
 
It includes many bugfixes, including Linus Torvalds' much anticipated data corruption fix.

Of course, several security issues are also addressed:
Quote:

Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)

handle ext3 directory corruption better (CVE-2006-6053)

corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)

ext2: skip pages past number of blocks in ext2_find_entry (CVE-2006-6054)

Fix incorrect user space access locking in mincore() (CVE-2006-4814)
ChangeLog | Tarball | Patch

win32sux 01-27-2007 09:21 PM

Linux 2.6.16.38 has been released (01/20/2007).
 
It includes several bugfixes, at least ten of which address security vulnerabilities:
Quote:

corrupted cramfs filesystems cause kernel oops (CVE-2006-5823)

handle ext3 directory corruption better (CVE-2006-6053)

ext2: skip pages past number of blocks in ext2_find_entry (CVE-2006-6054)

hfs_fill_super returns success even if no root inode (CVE-2006-6056)

x86_64: Don't leak NT bit into next task (CVE-2006-5755)

Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)

grow_buffers() infinite loop fix (CVE-2006-5757/CVE-2006-6060)

i386: save/restore eflags in context switch (CVE-2006-5173)

Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)

Fix incorrect user space access locking in mincore() (CVE-2006-4814)

win32sux 01-31-2007 04:28 PM

Linux Kernel "listxattr" Memory Corruption Vulnerability (Less Critical)
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

The vulnerability is caused due to an error within the "listxattr" system call when interpreting "bad_inode_ops" return values, which can be exploited to cause a memory corruption.

Successful exploitation requires a bad inode.

Solution:
The vulnerability is fixed in version 2.6.20-rc4.
Secunia Advisory | CVE-2006-5753

win32sux 02-13-2007 10:25 PM

Linux Kernel "key_alloc_serial()" Denial of Service (Not Critical)
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference within the "key_alloc_serial()" function, which can be exploited to crash the Kernel.
Secunia Advisory | CVE-2007-0006

win32sux 02-20-2007 04:54 AM

Linux 2.6.20.1 has been released.
 
It consists of a single patch over 2.6.20, addressing a security issue.
Quote:

[PATCH] Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772)

Due to type confusion, when an nfsacl version 2 'ACCESS' request
finishes and tries to clean up, it calls fh_put on entirely the
wrong thing and this can cause an oops.
ChangeLog | CVE-2007-0772 | Secunia Advisory


NOTE: The 2.6.18.y and 2.6.19.y branches were also patched for this issue:

ChangeLog for 2.6.18.7 | ChangeLog for 2.6.19.4

