[plamo:27593] linux-2.6.18が出ています。

[名倉昭一]

 　名倉 です。

　　linux-2.6.18が出ています。

　　以下はChangeLog-2.6.18の抜粋です。

　commit 00a2b0f6dd2372842df73de72d51621b539fea44
　Author: Jan Kara <jack@suse.cz>
　Date:   Tue Aug 15 13:56:26 2006 +0200

    Fix possible UDF deadlock and memory corruption (CVE-2006-4145)
    
    UDF code is not really ready to handle extents larger that 1GB. This is
    the easy way to forbid creating those.
    
    Also truncation code did not count with the case when there are no
    extents in the file and we are extending the file.
    
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

　commit c164a9ba0a8870c5c9d353f63085319931d69f23
　Author: Sridhar Samudrala <sri@us.ibm.com>
　Date:   Tue Aug 22 11:50:39 2006 -0700

    Fix sctp privilege elevation (CVE-2006-3745)
    
    sctp_make_abort_user() now takes the msg_len along with the msg
    so that we don't have to recalculate the bytes in iovec.
    It also uses memcpy_fromiovec() so that we don't go beyond the
    length allocated.
    
    It is good to have this fix even if verify_iovec() is fixed to
    return error on overflow.
    
    Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

　commit 9a936a2e0526089194159eae31238e36b1c19e74
　Author: Olof Johansson <olof@lixom.net>
　Date:   Sun Aug 6 20:51:25 2006 -0500

    [POWERPC] powerpc: Clear HID0 attention enable on PPC970 at boot time
    
    Clear HID0[en_attn] at CPU init time on PPC970.  Closes CVE-2006-4093.
    
    Signed-off-by: Olof Johansson <olof@lixom.net>
    Signed-off-by: Paul Mackerras <paulus@samba.org>

　commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
　Author: Marcel Holtmann <marcel@holtmann.org>
　Date:   Wed Jul 12 13:12:00 2006 +0200

    [PATCH] Fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
    
    Based on a patch from Ernie Petrides
    
    During security research, Red Hat discovered a behavioral flaw in core
    dump handling. A local user could create a program that would cause a
    core file to be dumped into a directory they would not normally have
    permissions to write to. This could lead to a denial of service (disk
    consumption), or allow the local user to gain root privileges.
    
    The prctl() system call should never allow to set "dumpable" to the
    value 2. Especially not for non-privileged users.
    
    This can be split into three cases:
    
      1) running as root -- then core dumps will already be done as root,
         and so prctl(PR_SET_DUMPABLE, 2) is not useful
    
      2) running as non-root w/setuid-to-root -- this is the debatable case
    
      3) running as non-root w/setuid-to-non-root -- then you definitely
         do NOT want "dumpable" to get set to 2 because you have the
         privilege escalation vulnerability
    
    With case #2, the only potential usefulness is for a program that has
    designed to run with higher privilege (than the user invoking it) that
    wants to be able to create root-owned root-validated core dumps. This
    might be useful as a debugging aid, but would only be safe if the program
    had done a chdir() to a safe directory.
    
    There is no benefit to a production setuid-to-root utility, because it
    shouldn't be dumping core in the first place. If this is true, then the
    same debugging aid could also be accomplished with the "suid_dumpable"
    sysctl.
    
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>

　commit d3dcd4efe2ad1ad1865b2fe5c863c1ebd9482a84
　Author: Patrick McHardy <kaber@trash.net>
　Date:   Mon Jun 19 23:39:45 2006 -0700

    [NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length
    
    Fix endless loop in the SCTP match similar to those already fixed in
    the SCTP conntrack helper (was CVE-2006-1527).
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>

　今ダウンロードが終わったところ
　ぼちぼち更新にかかります。