[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[plamo:28191] linux-2.6.21.4,linux-2.6.20.13が出ています。
-
From:名倉昭一
-
Date:Fri, 8 Jun 2007 15:58:56 +0900 (JST)
- Subject: [plamo:28191] linux-2.6.21.4,linux-2.6.20.13が出ています。
- From: 名倉昭一<nagura-s@xxxxxxxxxxxx>
- Date: Fri, 08 Jun 2007 15:58:53 +0900
名倉 です。
linux-2.6.21.4が出ています。以下はそのChangeLogですが
linux-2.6.20.13も同様の内容です。
commit e95907f256676ca48ae66d071ca0c9c066cb79ab
Author: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Thu Jun 7 14:27:31 2007 -0700
Linux 2.6.21.4
commit 8c640bd0c68201dd0d71b78a07bb224973580ad3
Author: Patrick McHardy <kaber@xxxxxxxxx>
Date: Tue Jun 5 14:14:22 2007 +0200
[PATCH] NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference in
sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].
Fix by don't creating new conntrack entry if initial state is invalid.
Noticed by Vilmos Nebehaj <vilmos.nebehaj@xxxxxxxxx>
CC: Kiran Kumar Immidi <immidi_kiran@xxxxxxxxx>
Cc: David Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
commit c23e7e4c94647c2c47d2c835b21cc7d745f62d05
Author: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Thu Jun 7 14:25:31 2007 -0700
[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
Use simple_read_from_buffer to avoid possible underflow in
cpuset_tasks_read which could allow user to read kernel memory.
Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
commit 7bd369b1346bf7f15bba42ddf369fb79fe759b50
Author: Matt Mackall <mpm@xxxxxxxxxxx>
Date: Tue May 29 21:58:10 2007 -0500
[PATCH] random: fix seeding with zero entropy (CVE-2007-2453 2 of 2)
Add data from zero-entropy random_writes directly to output pools to
avoid accounting difficulties on machines without entropy sources.
Tested on lguest with all entropy sources disabled.
Signed-off-by: Matt Mackall <mpm@xxxxxxxxxxx>
Acked-by: "Theodore Ts'o" <tytso@xxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
commit 374f167dfb97c1785515a0c41e32a66b414859a8
Author: Matt Mackall <mpm@xxxxxxxxxxx>
Date: Tue May 29 21:54:27 2007 -0500
[PATCH] random: fix error in entropy extraction (CVE-2007-2453 1 of 2)
Fix cast error in entropy extraction.
Add comments explaining the magic 16.
Remove extra confusing loop variable.
Signed-off-by: Matt Mackall <mpm@xxxxxxxxxxx>
Acked-by: "Theodore Ts'o" <tytso@xxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
[検索ページ]
[メール一覧]
Plamo ML 公開システム