Date:         Thu, 25 May 2006 18:37:13 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      ERRATA for "kernel"  on SL 40,41,42,43 i386 x86_64 now available
Comments: To: scientific 

The ERRATA for SL 40,41,42,43 i386 x86_64 are now available from:

Synopsis:  Updated kernel packages that fix several security issues in the 
           Scientific Linux 4x kernel are now available

Severity: important

Issued on: 2006-05-24

Problem Description:

	Issue in the IPv6 implementation that allowed a local user to cause a
	denial of service (infinite loop and crash) (CVE-2005-2973, important)

	Issue in the bridge implementation that allowed a remote user to
	cause forwarding of spoofed packets via poisoning of the forwarding
	table with already dropped frames (CVE-2005-3272, moderate)

	Isuue in the atm module that allowed a local user to cause a denial
	of service (panic) via certain socket calls (CVE-2005-3359, important)

	Issue in the NFS client implementation that allowed a local user to
	cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,
	important)

	A difference in "sysretq" operation of EM64T (as opposed to Opteron)
	processors that allowed a local user to cause a denial of service
	(crash) upon return from certain system calls (CVE-2006-0741 and
	CVE-2006-0744, important)

	Issue in the keyring implementation that allowed a local user to
	cause a denial of service (OOPS) (CVE-2006-1522, important)

	Issue in IP routing implementation that allowed a local user to cause
	a denial of service (panic) via a request for a route for a multicast IP
	(CVE-2006-1525, important)

	Issue in the SCTP-netfilter implementation that allowed a remote user
	to cause a denial of service (infinite loop) (CVE-2006-1527, important)

	Issue in the sg driver that allowed a local user to cause a denial of
	service (crash) via a dio transfer to memory mapped (mmap) IO space
	(CVE-2006-1528, important)

	Issue in the threading implementation that allowed a local user to
	cause a denial of service (panic) (CVE-2006-1855, important)

	Two missing LSM hooks that allowed a local user to bypass the LSM by
	using readv() or writev() (CVE-2006-1856, moderate)

	Issue in the virtual memory implementation that allowed local user to
	cause a denial of service (panic) by using the lsof command
	(CVE-2006-1862, important)

	A directory traversal vulnerability in smbfs that allowed a local user
	to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
	sequences (CVE-2006-1864, moderate)

 	Issue in the ECNE chunk handling of SCTP that allowed a remote user
	to cause a denial of service (panic) (CVE-2006-2271, moderate)

	Issue in the handling of COOKIE_ECHO and HEARTBEAT control chunks of
	SCTP that allowed a remote user to cause a denial of service (panic)
	(CVE-2006-2272, moderate)

	Issue in the handling of DATA fragments of SCTP that allowed a remote
	user to cause a denial of service (infinite recursion and crash)
	(CVE-2006-2274, moderate)


CVEs:   CVE-2005-2973 CVE-2005-3272 CVE-2005-3359 CVE-2006-0555 CVE-2006-0741 
        CVE-2006-0744 CVE-2006-1522 CVE-2006-1525 CVE-2006-1527 CVE-2006-1528 
        CVE-2006-1855 CVE-2006-1856 CVE-2006-1862 CVE-2006-1864 CVE-2006-2271
        CVE-2006-2272 CVE-2006-2274

SRPMS
	kernel-2.6.9-34.0.1.EL.src.rpm

Arch: i386
	kernel-2.6.9-34.0.1.EL.i686.rpm
	kernel-devel-2.6.9-34.0.1.EL.i686.rpm
	kernel-doc-2.6.9-34.0.1.EL.noarch.rpm
	kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm
	kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm
	kernel-smp-2.6.9-34.0.1.EL.i686.rpm
	kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpm

Dependencies:

	kernel-module-openafs-2.6.9-34.0.1.EL-1.4.0-8.SL.i686.rpm
	kernel-module-openafs-2.6.9-34.0.1.ELsmp-1.4.0-8.SL.i686.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2005-2973 "kernel" SL 40,41,42,43 i386 x86_64

Updated kernel packages that fix several security issues in the

Summary

Date:         Thu, 25 May 2006 18:37:13 -0500Reply-To:     Connie Sieh Sender:       Security Errata for Scientific Linux              From:         Connie Sieh Subject:      ERRATA for "kernel"  on SL 40,41,42,43 i386 x86_64 now availableComments: To: scientific The ERRATA for SL 40,41,42,43 i386 x86_64 are now available from:Synopsis:  Updated kernel packages that fix several security issues in the            Scientific Linux 4x kernel are now availableSeverity: importantIssued on: 2006-05-24Problem Description:	Issue in the IPv6 implementation that allowed a local user to cause a	denial of service (infinite loop and crash) (CVE-2005-2973, important)	Issue in the bridge implementation that allowed a remote user to	cause forwarding of spoofed packets via poisoning of the forwarding	table with already dropped frames (CVE-2005-3272, moderate)	Isuue in the atm module that allowed a local user to cause a denial	of service (panic) via certain socket calls (CVE-2005-3359, important)	Issue in the NFS client implementation that allowed a local user to	cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,	important)	A difference in "sysretq" operation of EM64T (as opposed to Opteron)	processors that allowed a local user to cause a denial of service	(crash) upon return from certain system calls (CVE-2006-0741 and	CVE-2006-0744, important)	Issue in the keyring implementation that allowed a local user to	cause a denial of service (OOPS) (CVE-2006-1522, important)	Issue in IP routing implementation that allowed a local user to cause	a denial of service (panic) via a request for a route for a multicast IP	(CVE-2006-1525, important)	Issue in the SCTP-netfilter implementation that allowed a remote user	to cause a denial of service (infinite loop) (CVE-2006-1527, important)	Issue in the sg driver that allowed a local user to cause a denial of	service (crash) via a dio transfer to memory mapped (mmap) IO space	(CVE-2006-1528, important)	Issue in the threading implementation that allowed a local user to	cause a denial of service (panic) (CVE-2006-1855, important)	Two missing LSM hooks that allowed a local user to bypass the LSM by	using readv() or writev() (CVE-2006-1856, moderate)	Issue in the virtual memory implementation that allowed local user to	cause a denial of service (panic) by using the lsof command	(CVE-2006-1862, important)	A directory traversal vulnerability in smbfs that allowed a local user	to escape chroot restrictions for an SMB-mounted filesystem via "..\\"	sequences (CVE-2006-1864, moderate) 	Issue in the ECNE chunk handling of SCTP that allowed a remote user	to cause a denial of service (panic) (CVE-2006-2271, moderate)	Issue in the handling of COOKIE_ECHO and HEARTBEAT control chunks of	SCTP that allowed a remote user to cause a denial of service (panic)	(CVE-2006-2272, moderate)	Issue in the handling of DATA fragments of SCTP that allowed a remote	user to cause a denial of service (infinite recursion and crash)	(CVE-2006-2274, moderate)CVEs:   CVE-2005-2973 CVE-2005-3272 CVE-2005-3359 CVE-2006-0555 CVE-2006-0741         CVE-2006-0744 CVE-2006-1522 CVE-2006-1525 CVE-2006-1527 CVE-2006-1528         CVE-2006-1855 CVE-2006-1856 CVE-2006-1862 CVE-2006-1864 CVE-2006-2271        CVE-2006-2272 CVE-2006-2274SRPMS	kernel-2.6.9-34.0.1.EL.src.rpmArch: i386	kernel-2.6.9-34.0.1.EL.i686.rpm	kernel-devel-2.6.9-34.0.1.EL.i686.rpm	kernel-doc-2.6.9-34.0.1.EL.noarch.rpm	kernel-hugemem-2.6.9-34.0.1.EL.i686.rpm	kernel-hugemem-devel-2.6.9-34.0.1.EL.i686.rpm	kernel-smp-2.6.9-34.0.1.EL.i686.rpm	kernel-smp-devel-2.6.9-34.0.1.EL.i686.rpmDependencies:	kernel-module-openafs-2.6.9-34.0.1.EL-1.4.0-8.SL.i686.rpm	kernel-module-openafs-2.6.9-34.0.1.ELsmp-1.4.0-8.SL.i686.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved