[Gelistirici] [merge] kernel-dom[0U]
S.Çağlar Onur
caglar at pardus.org.tr
21 Mar 2007 Çar 04:35:48 EET
Fixes;
- CVE-2006-5753: fix bad_inode_ops memory corruption
- CVE-2006-6333: The tr_rx function in ibmtr.c for Linux kernel
2.6.19 assigns the wrong flag to the ip_summed field, which allows remote
attackers to cause a denial of service (memory corruption) via crafted
packets that cause the kernel to interpret another field as an offset.
- CVE-2007-0005: Fix buffer overflow in Omnikey CardMan 4040
driver
- CVE-2007-0006: Keys: Fix key serial number collision handling
- CVE-2007-0772: Fix a free-wrong-pointer bug in nfsd/acl
- CVE-2007-0958: Linux kernel 2.6.x before 2.6.20 allows local
users to read unreadable binaries by using the interpreter (PT_INTERP)
functionality and triggering a core dump, a variant of CVE-2004-1073
- CVE-2007-1000: [IPV6]: Handle np->opt being NULL in
ipv6_getsockopt_sticky().
- CVE-2007-1388: NULL pointer dereference in do_ipv6_setsockopt
- CVE-2007-1496: nfnetlink_log in netfilter in the Linux kernel
before 2.6.20.3 allows attackers to cause a denial of service (crash) via
unspecified vectors involving the (1) nfulnl_recv_config function, (2)
using "multiple packets per netlink message", and (3) bridged packets, which
trigger a NULL pointer dereference.
- CVE-2007-1497: nf_conntrack in netfilter in the Linux kernel
before 2.6.20.3 does not set nfctinfo during reassembly of fragmented
packets, which leaves the default value as IP_CT_ESTABLISHED and might allow
remote attackers to bypass certain rulesets using IPv6 fragments.
--
S.Çağlar Onur <caglar at pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
-------------- sonraki bölüm --------------
A non-text attachment was scrubbed...
Name: kullanılamıyor
Type: application/pgp-signature
Size: 189 bytes
Desc: kullanılamıyor
URL: <http://liste.pardus.org.tr/gelistirici/attachments/20070321/95cd7ec0/attachment-0002.pgp>
Gelistirici mesaj listesiyle ilgili
daha fazla bilgi