
Linux 2.0.34pre10: Summary of fixed vulnerabilities (fwd)

For the upcoming Linux 2.0.34 kernel, here are the bug fixes (from Alan Cox).
The latest patch level is 2.0.34pre11, available at:

ftp://ftp.uk.linux.org/pub/linux/incoming/patch-2.0.34pre11b.gz

--Ariel

Bug Fixes

   Fragment handling bug  [Remote DoS]  BUGTRAQ
          A bug in fragment handling that could cause a kernel crash has
          been fixed.

   MM Corruption        [theoretical remote DoS]
          A bug in which 2.0.33 could suffer memory corruption and
          possible crashes under very high load has been fixed.

   LDT Leak             [local DoS]
          A situation in which DOSemu and Wine could leak memory used for
          LDT tables has been fixed.

   Floppy Driver        [local DoS, needs root/setuid]
          A bug in which the floppy driver could crash when its interrupt
          or DMA resources were not available has been fixed. This was an
          extremely abnormal situation but a real bug.

   Inode count overrun  [local giving root access] BUGTRAQ
          A bug in which a specifically malicious program could cause an
          inode count overrun has been fixed.

   Obscure serial race [local DoS, needs setuid app]
          An obscure race in the serial driver has been removed.

   Quota crash [requires misconfiguration of setuid apps] BUGTRAQ
          A very obscure situation in which the quota subsystem performed
          an invalid seek on the quota database has been fixed.

   Memory corruption on clone [local DoS]
          A bug causing memory corruption when mmapping memory during a
          clone in specific situations has been fixed.

   Possible overflow on Alpha [local DoS]
          A possible integer overflow on group handling for the Alpha
          platform has been fixed.

   Socket crashes [local DoS]
          A possible socket layer crash with AX.25/NetROM/ROSE/X.25 has
          been fixed in 2.0.34.

   RAW socket handling  [Crash only if root does something at the time]
          A small bug in raw socket handling which could cause a crash in
          very obscure situations has been fixed.

   Loading bogus modules [Crash, DoS] BUGTRAQ
          A situation existed in earlier kernels where a user process
          could cause a module to be loaded. It was possible to exploit
          this to load modules that the administrator had installed but
          did not wish loaded. Fixed in 2.0.34. Note that this means only
          superuser processes can load network interfaces.

   TCP listened to ICMP source quench [limited impairment of connections]
          This is no longer 'good practice', and we also backed off twice:
          once from the error and once from the drop. This was primarily
          needed to handle 3COM office connect routers, which appear to
          send source quench (it's been obsolete for years, so they should
          not) and without rate limiting (also not allowed).

   Window searching [possible connection attacks]
          An obscure quirk allowing a third party to discover the current
          window for a TCP connection has been fixed.

   Unsafe temporary file [local root breach, requires timing with the make] BUGTRAQ
          The 'make config' script used an unsafe temporary file. It now
          uses a file in its working directory.

Alan
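The last item above (the unsafe temporary file in 'make config') is the classic
symlink race: a privileged script writes to a predictable name in a
world-writable directory, and a local user who plants a symlink at that name
first gets the script to write through it. The following is an added example
written for this page; it is not code from the announcement or from the kernel's
own Configure script, and the file name config.1234, the victim file and the
scratch directory are constructed for the demonstration. The safe variant goes
slightly beyond the fix described above (which simply moved the file into the
working directory): it also refuses a pre-existing path and opens with
noclobber (O_EXCL) so the create fails closed even if a link is planted between
the check and the open.

```shell
#!/bin/sh
# Added example: temp-file symlink race and a fail-closed alternative.

# Unsafe pattern: a plain '>' to a path another user can predict. If that
# path is already a symlink, the kernel follows it and the write lands on
# the link's target, with the privileges of whoever runs the script.
unsafe_write() {
    echo "$2" > "$1"
}

# Safer pattern: refuse anything already sitting at the path (file or
# dangling/valid symlink), then open with the shell's noclobber option,
# which makes '>' use O_CREAT|O_EXCL so an existing entry fails the open
# instead of being followed. Returns non-zero if the file cannot be
# created safely.
safe_write() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "refusing to use pre-existing $1" >&2
        return 1
    fi
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Demonstration of the race. $1 is "unsafe" or "safe". An attacker has
# already planted a symlink at the predictable temp name pointing at a
# victim file; prints "clobbered" if the victim's contents were replaced,
# "intact" otherwise. All paths live in a scratch directory that is removed
# afterwards (constructed for the demo).
demo() {
    mode=$1
    work=$(mktemp -d)
    victim="$work/victim"
    echo "original" > "$victim"
    tmp="$work/config.1234"        # hypothetical predictable temp name
    ln -s "$victim" "$tmp"         # the attacker's planted symlink
    if [ "$mode" = unsafe ]; then
        unsafe_write "$tmp" "attacker-controlled contents"
    else
        safe_write "$tmp" "attacker-controlled contents" || true
    fi
    if [ "$(cat "$victim")" = original ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$work"
    echo "$result"
}

echo "unsafe pattern: victim is $(demo unsafe)"
echo "safe pattern:   victim is $(demo safe)"
```

Running it shows the unsafe write replacing the victim's contents while the
safe version refuses the planted link. Note that the pre-check alone is not
enough (an attacker can plant the link after the check and before the open);
the noclobber open is what closes that window, and creating the file inside a
directory only the user can write to, as the 2.0.34 fix does, removes the
attacker's ability to plant anything in the first place.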