[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[plamo:27593] linux-2.6.18が出ています。
-
From:名倉昭一
-
Date:Wed, 20 Sep 2006 13:50:48 +0900 (JST)
- Subject: [plamo:27593] linux-2.6.18が出ています。
- From: 名倉昭一<nagura-s@xxxxxxxxxxxx>
- Date: Wed, 20 Sep 2006 13:51:31 +0900
名倉 です。
linux-2.6.18が出ています。
以下はChangeLog-2.6.18の抜粋です。
commit 00a2b0f6dd2372842df73de72d51621b539fea44
Author: Jan Kara <jack@suse.cz>
Date: Tue Aug 15 13:56:26 2006 +0200
Fix possible UDF deadlock and memory corruption (CVE-2006-4145)
UDF code is not really ready to handle extents larger that 1GB. This is
the easy way to forbid creating those.
Also truncation code did not count with the case when there are no
extents in the file and we are extending the file.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit c164a9ba0a8870c5c9d353f63085319931d69f23
Author: Sridhar Samudrala <sri@us.ibm.com>
Date: Tue Aug 22 11:50:39 2006 -0700
Fix sctp privilege elevation (CVE-2006-3745)
sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.
It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit 9a936a2e0526089194159eae31238e36b1c19e74
Author: Olof Johansson <olof@lixom.net>
Date: Sun Aug 6 20:51:25 2006 -0500
[POWERPC] powerpc: Clear HID0 attention enable on PPC970 at boot time
Clear HID0[en_attn] at CPU init time on PPC970. Closes CVE-2006-4093.
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
Author: Marcel Holtmann <marcel@holtmann.org>
Date: Wed Jul 12 13:12:00 2006 +0200
[PATCH] Fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
Based on a patch from Ernie Petrides
During security research, Red Hat discovered a behavioral flaw in core
dump handling. A local user could create a program that would cause a
core file to be dumped into a directory they would not normally have
permissions to write to. This could lead to a denial of service (disk
consumption), or allow the local user to gain root privileges.
The prctl() system call should never allow to set "dumpable" to the
value 2. Especially not for non-privileged users.
This can be split into three cases:
1) running as root -- then core dumps will already be done as root,
and so prctl(PR_SET_DUMPABLE, 2) is not useful
2) running as non-root w/setuid-to-root -- this is the debatable case
3) running as non-root w/setuid-to-non-root -- then you definitely
do NOT want "dumpable" to get set to 2 because you have the
privilege escalation vulnerability
With case #2, the only potential usefulness is for a program that has
designed to run with higher privilege (than the user invoking it) that
wants to be able to create root-owned root-validated core dumps. This
might be useful as a debugging aid, but would only be safe if the program
had done a chdir() to a safe directory.
There is no benefit to a production setuid-to-root utility, because it
shouldn't be dumping core in the first place. If this is true, then the
same debugging aid could also be accomplished with the "suid_dumpable"
sysctl.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
commit d3dcd4efe2ad1ad1865b2fe5c863c1ebd9482a84
Author: Patrick McHardy <kaber@trash.net>
Date: Mon Jun 19 23:39:45 2006 -0700
[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length
Fix endless loop in the SCTP match similar to those already fixed in
the SCTP conntrack helper (was CVE-2006-1527).
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
今ダウンロードが終わったところ
ぼちぼち更新にかかります。
- Follow-Ups
-
- [plamo:27600] Re: linux-2.6.18が出ています。, 名倉昭一
[検索ページ]
[メール一覧]
Plamo ML 公開システム