Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora Core 3: 2005-013 Critical Kernel Privilege Escalation

fedora
Calendar Grey January 10, 2005
Dist Fedora Esm H88
The latest kernel patch for Fedora Core 3 brings crucial security enhancements aimed at mitigating vulnerabilities and optimizing system efficiency.
This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch.

Summary

The kernel package contains the Linux kernel (vmlinuz), the core of any

Linux operating system. The kernel handles the basic functions

of the operating system: memory allocation, process allocation, device

input and output, etc.

This update rebases the kernel to match the upstream 2.6.10 release,

and adds a number of security fixes by means of adding the latest -ac patch.

CAN-2004-1235

Paul Starzetz from isec.pl found a problem in the binary format loaders uselib()

function that could lead to potential priveledge escalation.

https://isec.pl/en/vulnerabilities/isec-0021-uselib.txt

NO-CAN-ASSIGNED

Brad Spengler found several problems.

- An integer overflow in the random poolsize sysctl handler.

- SCSI ioctl integer overflow and information leak.

- RLIMIT_MEMLOCK bypass and unprivileged user DoS.

NO-CAN-ASSIGNED

Coverity Inc. found a number of bugs with their automated source checker

in coda, xfs, network bridging, rose network protocol, and the sdla wan driver.

- Disable slab debugging.

* Sat Jan 08 2005 Dave Jones

- Periodic slab debug is incompatable with pagealloc debug.

Disable the latter.

- Update to 2.6.10-ac8

* Fri Jan 07 2005 Dave Jones

- Bump up to -ac7

- Another new card reader.

* Thu Jan 06 2005 Dave Jones

- Rebase to 2.6.10-ac5

* Tue Jan 04 2005 Dave Jones

- Rebase to 2.6.10-ac4

- Add periodic slab debug checker.

* Mon Jan 03 2005 Dave Jones

- Drop patch which meant we needed a newer gcc. (#144035)

- Rebase to 2.6.10-ac2

- Enable SL82C104 IDE driver as built-in on PPC64 (#131033)

3358578123d1f533f59551e3ae57c58d SRPMS/kernel-2.6.10-1.737_FC3.src.rpm

fefab702da72d80a17f288a732314f2f x86_64/kernel-2.6.10-1.737_FC3.x86_64.rpm

367a35017888dd291ae5d5e49d3d528f x86_64/kernel-smp-2.6.10-1.737_FC3.x86_64.rpm

bdd8a314125cb1999b55c4f6f3cdb246 x86_64/debug/kernel-debuginfo-2.6.10-1.737_FC3.x86_64.rpm

f48db7fff38c51f651364fc58443c30d x86_64/kernel-doc-2.6.10-1.737_FC3.noarch.rpm

36f98dd65ec1765c26770be7e6362a6f i386/kernel-2.6.10-1.737_FC3.i586.rpm

a7122fda3dd50ac6adb24789fb6d1bba i386/kernel-smp-2.6.10-1.737_FC3.i586.rpm

415412abd0857a5789da547af0825864 i386/debug/kernel-debuginfo-2.6.10-1.737_FC3.i586.rpm

909a1a29aa29773b1d9918e2a7614844 i386/kernel-2.6.10-1.737_FC3.i686.rpm

30cd263a60bc43a502ce768c2354dc07 i386/kernel-smp-2.6.10-1.737_FC3.i686.rpm

0d19dc4ba95ca24403c8cf8aab1333d4 i386/debug/kernel-debuginfo-2.6.10-1.737_FC3.i686.rpm

f48db7fff38c51f651364fc58443c30d i386/kernel-doc-2.6.10-1.737_FC3.noarch.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: kernel
Version: 2.6.10
Release: 1.737_FC3
Summary: The Linux kernel (the core of the Linux operating system)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here