[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[plamo:28191] linux-2.6.21.4,linux-2.6.20.13が出ています。



  名倉 です。

 linux-2.6.21.4が出ています。以下はそのChangeLogですが
 linux-2.6.20.13も同様の内容です。

  commit e95907f256676ca48ae66d071ca0c9c066cb79ab
  Author: Chris Wright <chrisw@xxxxxxxxxxxx>
  Date:   Thu Jun 7 14:27:31 2007 -0700

    Linux 2.6.21.4

  commit 8c640bd0c68201dd0d71b78a07bb224973580ad3
  Author: Patrick McHardy <kaber@xxxxxxxxx>
  Date:   Tue Jun 5 14:14:22 2007 +0200

    [PATCH] NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)
    
    When creating a new connection by sending an unknown chunk type, we
    don't transition to a valid state, causing a NULL pointer dereference in
    sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].
    
    Fix by don't creating new conntrack entry if initial state is invalid.
    
    Noticed by Vilmos Nebehaj <vilmos.nebehaj@xxxxxxxxx>
    
    CC: Kiran Kumar Immidi <immidi_kiran@xxxxxxxxx>
    Cc: David Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
    Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>

  commit c23e7e4c94647c2c47d2c835b21cc7d745f62d05
  Author: Chris Wright <chrisw@xxxxxxxxxxxx>
  Date:   Thu Jun 7 14:25:31 2007 -0700

    [PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
    
    Use simple_read_from_buffer to avoid possible underflow in
    cpuset_tasks_read which could allow user to read kernel memory.
    
    Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006
    
    Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>

  commit 7bd369b1346bf7f15bba42ddf369fb79fe759b50
  Author: Matt Mackall <mpm@xxxxxxxxxxx>
  Date:   Tue May 29 21:58:10 2007 -0500

    [PATCH] random: fix seeding with zero entropy (CVE-2007-2453 2 of 2)
    
    Add data from zero-entropy random_writes directly to output pools to
    avoid accounting difficulties on machines without entropy sources.
    
    Tested on lguest with all entropy sources disabled.
    
    Signed-off-by: Matt Mackall <mpm@xxxxxxxxxxx>
    Acked-by: "Theodore Ts'o" <tytso@xxxxxxx>
    Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>

  commit 374f167dfb97c1785515a0c41e32a66b414859a8
  Author: Matt Mackall <mpm@xxxxxxxxxxx>
  Date:   Tue May 29 21:54:27 2007 -0500

    [PATCH] random: fix error in entropy extraction (CVE-2007-2453 1 of 2)
    
    Fix cast error in entropy extraction.
    Add comments explaining the magic 16.
    Remove extra confusing loop variable.
    
    Signed-off-by: Matt Mackall <mpm@xxxxxxxxxxx>
    Acked-by: "Theodore Ts'o" <tytso@xxxxxxx>
    Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>







[検索ページ] [メール一覧]
Plamo ML 公開システム