From vmiklos at frugalware.org Fri Aug 14 14:45:37 2009
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 14 Aug 2009 14:45:37 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-615 ] kernel
Message-ID: <20090814124537.F1C2011F04A1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                            FSA-615

Date: 2009-08-14
Package: kernel
Vulnerable versions: <= 2.6.28-6anacreon1
Unaffected versions: >= 2.6.28-6anacreon2
Related bugreport: http://bugs.frugalware.org/task/3881
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407

Description
===========

1) The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

2) Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.

3) Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.

Updated Packages
================

Check if you have kernel installed:

	# pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy kernel

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/615

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkqFXHEACgkQZ7NElSD1VhnjYwCcCXx1x7p+VxDsSOdWeXthwzRa
0vgAnRxFoWvxplX0MQ1oxG7ZfNWARRz0
=1IIH
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 14 14:49:34 2009
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 14 Aug 2009 14:49:34 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-616 ] kernel
Message-ID: <20090814124934.A278011F04A0@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                            FSA-616

Date: 2009-08-14
Package: kernel
Vulnerable versions: <= 2.6.28-6anacreon2
Unaffected versions: >= 2.6.28-6anacreon3
Related bugreport: http://bugs.frugalware.org/task/3907
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to the incorrect initialisation of the proto_ops structure for certain protocols (e.g. PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25, PF_AX25 families, PF_BLUETOOTH, PF_IUCV, PF_INET6 (with IPPROTO_SCTP), PF_PPPOX, and PF_ISDN), which can be exploited to cause a NULL pointer dereference when triggering the "sock_sendpage()" function for an incorrectly initialised socket.

Updated Packages
================

Check if you have kernel installed:

	# pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy kernel

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/616

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEUEARECAAYFAkqFXV4ACgkQZ7NElSD1VhmmnQCgi/q26pgeyBj1vNoCMId032o0
QjUAmIkGppTadk8hh8qWp7b2rkTAmLk=
=SjGD
-----END PGP SIGNATURE-----
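
Added example (not part of the advisories or of Frugalware's tooling): a shell check that maps an installed kernel package version to FSA-615 and FSA-616, using their "Unaffected versions" values as thresholds. It assumes that GNU `sort -V` ordering approximates pacman-g2's own version comparison and that `pacman-g2 -Q kernel` prints "name version"; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: which of FSA-615 / FSA-616 still apply to a kernel package?
# Thresholds are the "Unaffected versions" lines of the two advisories.

# version_lt A B: true when A sorts strictly before B.
# Assumption: GNU sort -V ordering stands in for pacman-g2's comparison.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# open_fsas VERSION: print the advisories not yet fixed in VERSION
# (space separated, empty when the package is at or past both fixes).
open_fsas() {
    open=""
    version_lt "$1" "2.6.28-6anacreon2" && open="$open FSA-615"
    version_lt "$1" "2.6.28-6anacreon3" && open="$open FSA-616"
    echo "${open# }"
}

# installed_kernel_version: second field of `pacman-g2 -Q kernel`.
# Assumption: output is "kernel <version>"; empty if the package is absent.
installed_kernel_version() {
    pacman-g2 -Q kernel 2>/dev/null | awk '{print $2; exit}'
}

# Only query the package database where pacman-g2 actually exists.
if command -v pacman-g2 >/dev/null 2>&1; then
    v=$(installed_kernel_version)
    if [ -n "$v" ]; then
        echo "kernel $v: open advisories: $(open_fsas "$v")"
    fi
fi
```

The package version only says what is installed; a machine that has upgraded but not rebooted is still running the old kernel.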