[Gelistirici] [merge] kernel-dom[0U]

S.Çağlar Onur caglar at pardus.org.tr
Wed 21 Mar 2007 04:35:48 EET


Fixes:
  - CVE-2006-5753: fix bad_inode_ops memory corruption
  - CVE-2006-6333: The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
  - CVE-2007-0005: Fix buffer overflow in Omnikey CardMan 4040 driver
  - CVE-2007-0006: Keys: Fix key serial number collision handling
  - CVE-2007-0772: Fix a free-wrong-pointer bug in nfsd/acl
  - CVE-2007-0958: Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073
  - CVE-2007-1000: [IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky().
  - CVE-2007-1388: NULL pointer dereference in do_ipv6_setsockopt
  - CVE-2007-1496: nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.
  - CVE-2007-1497: nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.
-- 
S.Çağlar Onur <caglar at pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!