[Mageia-sysadm] Updated kernels for the Mageia Servers...
Thomas Backlund
tmb at iki.fi
Tue Dec 14 21:06:12 CET 2010
Hi,
Since it probably will take some time before Mandriva releases their
next kernel security updates, I suggest to install the ones I have built
from current svn:
So for 2010.1 hosts:
> * Fri Dec 10 2010 Thomas Backlund <tmb at mandriva.org> 2.6.33.7-2.2mnb
> o Thomas Backlund <tmb at mandriva.org>
> - vmscan: raise the bar to PAGEOUT_IO_SYNC stalls
> (Fixes "system goes unresponsive under memory pressure and lots of
> dirty/writeback pages" bug. (http://lkml.org/lkml/2010/4/4/86))
> - make kernel-source require diffutils as it uses both diff and cmp
> during build (mdv #61719)
> - econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
> - econet: Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR
> operation (CVE-2010-3850)
> - econet: fix stack overflow if msg->msgiovlen is large (CVE-2010-3848)
> - do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
> - af_unix: limit unix_tot_inflight and recursion level (CVE-2010-4249)(fixes unix socket OOM)
http://tmb.mine.nu/Mandriva/2010.1/
http://tmb2.mine.nu/Mandriva/2010.1/
And for 2010.0 hosts:
> * Sat Dec 11 2010 Thomas Backlund <tmb at mandriva.org> 2.6.31.14-1.1mnb
> o Thomas Backlund <tmb at mandriva.org>
> - fix local root exploit with 32bit compat mode on 64 bit kernels
> (CVE-2010-3301)
> - econet: fix stack overflow if msg->msgiovlen is large (CVE-2010-3848)
> - econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
> - econet: Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR
> operation (CVE-2010-3850)
> - do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
> - af_unix: limit unix_tot_inflight and recursion level (CVE-2010-4249)
http://tmb.mine.nu/Mandriva/2010.0/
http://tmb2.mine.nu/Mandriva/2010.0/
Any complaints / suggestions ?
--
Thomas
More information about the Mageia-sysadm
mailing list