This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 200034 - Various kernel security issues - July thru October 2006
Various kernel security issues - July thru October 2006
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: kernel (Show other bugs)
unspecified
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Fedora Legacy Bugs
LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK
: Security
: 188935 190082 190083 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-07-24 18:20 EDT by Marc Deslauriers
Modified: 2007-08-30 15:57 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-30 15:57:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marc Deslauriers 2006-07-24 18:20:50 EDT
This bug will track the various kernel issues up to July 2006.
Comment 1 Marc Deslauriers 2006-07-24 18:21:39 EDT
*** Bug 188935 has been marked as a duplicate of this bug. ***
Comment 2 Marc Deslauriers 2006-07-24 18:22:34 EDT
*** Bug 190082 has been marked as a duplicate of this bug. ***
Comment 3 Marc Deslauriers 2006-07-24 18:23:29 EDT
*** Bug 190083 has been marked as a duplicate of this bug. ***
Comment 4 Marc Deslauriers 2006-07-24 18:26:41 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated kernel packages to QA for FC3:

* Sun Jul 16 2006 Marc Deslauriers <marcdeslauriers@videotron.ca>
2.6.12-2.4.legacy_FC3
- - Added patches for:
  CVE-2005-3359 (incorrect inrement/decrement in atm module)
  CVE-2006-0555 (nfs: fix client panic using O_DIRECT)
  CVE-2006-0741 (fix for ELF exec vulnerability on EM64T)
  CVE-2006-0744 (fix for ELF exec vulnerability on EM64T)
  CVE-2006-1525 (panic in ip_route_input() via inet_rtm_getroute())
  CVE-2006-1527 (netfilter/sctp: fix lockup in sctp_new)
  CVE-2006-1528 (local crash by dio/mmap sg/st driver)
  CVE-2006-1556 (LSM: add missing hooks to readv/writev)
  CVE-2006-1857 (SCTP HB-ACK chunk overflow)
  CVE-2006-1858 (SCTP chunk length overflow)
  CVE-2006-1860 (fcntl_setlease lockup)
  CVE-2006-1863 (cifs chroot issue)
  CVE-2006-1864 (smbfs chroot issue)
  CVE-2006-2071 (mprotect gives write permission to a readonly attachment)
  CVE-2006-2271 (SCTP ECNE chunk handling DoS)
  CVE-2006-2272 (SCTP incoming COOKIE_ECHO and HEARTBEAT packets DoS)
  CVE-2006-2274 (SCTP DATA fragments DoS)
  CVE-2006-2444 (SNMP NAT netfilter memory corruption)
  CVE-2006-2934 (SCTP netfilter DoS with chunkless packets)
  CVE-2006-3626 (Nasty /proc privilege escalation)


968488a6e0f4742b96c7f25eba4929bd4129a8d3  kernel-2.6.12-2.4.legacy_FC3.src.rpm
ada2a7e0bb8967dacd624690c2a345b9ce33bac5  i586/kernel-2.6.12-2.4.legacy_FC3.i586.rpm
872eb6040e1bf3ccaef86c375c571ad164f33133 
i586/kernel-smp-2.6.12-2.4.legacy_FC3.i586.rpm
0fc765f01b5fad2eb04a239ec3961cddab0b5f3c  i686/kernel-2.6.12-2.4.legacy_FC3.i686.rpm
66a20220792e8d8392ab99abc1acaae24af31a51 
i686/kernel-smp-2.6.12-2.4.legacy_FC3.i686.rpm
a2de56c192a6a5dedc4e53c633fa4b7e2e415bc2 
noarch/kernel-doc-2.6.12-2.4.legacy_FC3.noarch.rpm
40b1b373dc87bc7b9b80b3701a6e3821cfb66e87 
x86_64/kernel-2.6.12-2.4.legacy_FC3.x86_64.rpm
c1bb0f2f15b46abc48373a2b58ff1849a3c7b059 
x86_64/kernel-smp-2.6.12-2.4.legacy_FC3.x86_64.rpm

Available here:
http://turbosphere.fedoralegacy.org/logs/fedora-3-core/163-kernel-2.6.12-2.4.legacy_FC3/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFExUxNLMAs/0C4zNoRAojgAJ442eHt1Trs9sY0PXsdpWhzZNwsdQCff2zu
xLFN7rgzVeNPZS/dDyVSLCA=
=6FGu
-----END PGP SIGNATURE-----
Comment 5 John Dalbec 2006-07-28 16:36:48 EDT
06.27.24 CVE: CVE-2006-2935
Platform: Linux
Title: Linux Kernel CD-ROM Driver Local Buffer Overflow
Description: The Linux kernel is susceptible to a local buffer
overflow issue. It fails to properly bounds check user-supplied input
before using it in a memory copy operation. Linux kernel versions
2.6.17.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/18847
Comment 6 John Dalbec 2006-07-28 16:58:06 EDT
06.27.29 CVE: Not Available
Platform: Unix
Title: Linux Kernel PRCTL Core Dump Handling Privilege Escalation
Description: Linux kernel is exposed to a local privilege escalation
issue. This issue affects "prctl" because the application handles core
dump files in an insecure manner. Linux kernel versions 2.6.17.3 and
earlier are vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0574.html
Comment 7 Marc Deslauriers 2006-07-28 17:30:16 EDT
Bug in comment #5 applies to FL kernel releases.
Patch here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670

Bug in comment #6 doesn't apply to any FL releases.
Comment 8 Marc Deslauriers 2006-08-02 21:57:25 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated kernel packages to QA for FC3 that fix a few more issues:

* Tue Aug 01 2006 Marc Deslauriers <marcdeslauriers@videotron.ca>
2.6.12-2.5.legacy_FC3
- - Added patches for:
  CVE-2006-2935 (Possible buffer overflow in DVD handling)
  CVE-2006-1242 (Linux zero IP ID vulnerability)
  CVE-2006-0742 (die_if_kernel() can return DoS)
  CVE-2005-3055 (async usb devio oops)
  CVE-2006-1343 (Small information leak in SO_ORIGINAL_DST)

80171a403f1a7451872df440c5356da44d9f0f87  kernel-2.6.12-2.5.legacy_FC3.src.rpm
b5e7d072ba4aed6d774514e3a84ea8fc1e94f3b0  i586/kernel-2.6.12-2.5.legacy_FC3.i586.rpm
0f0adb6317264fbcefd54f89f847f2c67a53f7f5 
i586/kernel-smp-2.6.12-2.5.legacy_FC3.i586.rpm
c4593480b44f4c211bbc91c6cd7c2825acee2395  i686/kernel-2.6.12-2.5.legacy_FC3.i686.rpm
db05a644bb491d7b5c9957a8c52bc3582945ec61 
i686/kernel-smp-2.6.12-2.5.legacy_FC3.i686.rpm
1fbb1b9b069a6802238ec28e1a0d66b15abef3a3 
noarch/kernel-doc-2.6.12-2.5.legacy_FC3.noarch.rpm
ba77b4394fe5c0d8d0e7e8fb9b1728a5f9e68be9 
x86_64/kernel-2.6.12-2.5.legacy_FC3.x86_64.rpm
2676339fbb99886861be78b43a1ef4f6a8e21889 
x86_64/kernel-smp-2.6.12-2.5.legacy_FC3.x86_64.rpm

Available here:
http://turbosphere.fedoralegacy.org/logs/fedora-3-core/168-kernel-2.6.12-2.5.legacy_FC3/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFE0VsTLMAs/0C4zNoRAu4QAJ9ELrxzrcn60xbwtxaJBwDSQEALqwCgu15P
TsrcJPbuexiZ3zFPrZ+dpLE=
=V+kG
-----END PGP SIGNATURE-----
Comment 9 David Eisenstein 2006-10-02 07:25:20 EDT
Marc:  I, for one, apologize for not getting on this earlier to do PUBLISH
QA on this package.  As you know, I'm looking into recruiting more contri-
butors to the Fedora Legacy project so things like this won't happen any
more...  *crossing my fingers*

I intend to do Publish QA this week.
Comment 10 David Eisenstein 2006-10-02 07:48:25 EDT
Will these security issues affect FC4's kernel?  Wasn't it still being
supported by Red Hat at the time this work was done by you, Marc?
Comment 11 Marc Deslauriers 2006-10-02 18:27:20 EDT
FC4 was supported by RH then. There are a whole lot of new issues since these
packages, so I don't think it's worthwhile QAing them.
Comment 12 David Eisenstein 2006-10-07 07:15:20 EDT
What then may I do to best help here, Marc?  Where to from here on this issue??
Comment 13 David Eisenstein 2006-10-09 19:47:42 EDT
Removing the "publish-FC3" from the Status Whiteboard, since more work needs to
done on the FC3 kernel.
Comment 14 Matthew Miller 2006-10-27 21:58:53 EDT
There's a CVE for the bug referred to in comment #5 now -- CVE-2006-2451. I
believe this applies to FC3, but is definitely already fixed in FC4.
Comment 15 Jesse Keating 2007-08-30 15:57:05 EDT
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.

Note You need to log in before you can comment on or make changes to this bug.