[plamo:27218] linux-2.6.16.17が出ています。

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[plamo:27218] linux-2.6.16.17が出ています。

From:名倉昭一

Date:Sun, 21 May 2006 08:31:20 +0900 (JST)

Subject: [plamo:27218] linux-2.6.16.17が出ています。
From: 名倉昭一<nagura-s@xxxxxxxxxxxx>
Date: Sun, 21 May 2006 08:31:46 +0900

 名倉 です。

　linux-2.6.16.17が出ています。
　以下はChangeLogの抜粋です。

　Date:   Fri May 19 14:25:53 2006 -0700

   [PATCH] SCTP: Validate the parameter length in HB-ACK chunk (CVE-2006-1857)
    
    If SCTP receives a badly formatted HB-ACK chunk, it is possible
    that we may access invalid memory and potentially have a buffer
    overflow.  We should really make sure that the chunk format is
    what we expect, before attempting to touch the data.
    
　Date:   Fri May 19 11:52:20 2006 -0700

    [PATCH] SCTP: Respect the real chunk length when walking parameters (CVE-2006-1858)
    
    When performing bound checks during the parameter processing, we
    want to use the real chunk and paramter lengths for bounds instead
    of the rounded ones.  This prevents us from potentially walking of
    the end if the chunk length was miscalculated.  We still use rounded
    lengths when advancing the pointer. This was found during a
    conformance test that changed the chunk length without modifying
    parameters.
    
    (Vlad noted elsewhere: the most you'd overflow is 3 bytes, so problem
    is parameter dependent).

　Date:   Tue May 16 12:07:20 2006 -0700
    
    [PATCH] Netfilter: do_add_counters race, possible oops or info leak (CVE-2006-0039)
    
    Solar Designer found a race condition in do_add_counters(). The beginning
    of paddc is supposed to be the same as tmp which was sanity-checked
    above, but it might not be the same in reality. In case the integer
    overflow and/or the race condition are triggered, paddc->num_counters
    might not match the allocation size for paddc. If the check below
    (t->private->number != paddc->num_counters) nevertheless passes (perhaps
    this requires the race condition to be triggered), IPT_ENTRY_ITERATE()
    would read kernel memory beyond the allocation size, potentially causing
    an oops or leaking sensitive data (e.g., passwords from host system or
    from another VPS) via counter increments.  This requires CAP_NET_ADMIN.
    
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698

Prev by Date: [plamo:27217] Apache 1.3.36
Next by Date: [plamo:27219] Plamo でのクロスコンパイラ作成方法
Previous by thread: [plamo:27224] Re: Apache 1.3.36
Next by thread: [plamo:27219] Plamo でのクロスコンパイラ作成方法
Index(es):
- Date
- Thread

[検索ページ] [メール一覧]
Plamo ML 公開システム