[svlug] [svlug-announce] @RISK: The Consensus Security Vulnerability Alert

John Delaney goldhind at ix.netcom.com
Tue Mar 7 03:19:12 PST 2006


06.9.14 CVE: CVE-2005-3847
Platform: Linux
Title: Linux Kernel handle_stop_signal Denial of Service
Description: The Linux kernel is prone to a denial of service
vulnerability caused by a race condition. The issue resides in the
"handle_stop_signal()" function in "signal.c". It arises when a core
dump is triggered in one thread while another thread has a pending
SIGKILL.
Ref:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
______________________________________________________________________

06.9.15 CVE: CVE-2006-0040
Platform: Linux
Title: GNOME Evolution Denial of Service
Description: Evolution is an email client for the GNOME desktop. It is
vulnerable to a remote denial of service issue due to a failure in the
application to properly handle incoming emails containing a large
number of URIs and other formatting. This issue is compounded when the
application is restarted, as it will attempt to process the same
malicious email. GNOME Evolution versions 2.3.7 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/16899
______________________________________________________________________

06.9.16 CVE: Not Available
Platform: Linux
Title: IRSSI DCC ACCEPT Denial of Service
Description: IRSSI is an Internet Relay Chat (IRC) client. It is
vulnerable to a remote denial of service issue because the DCC ACCEPT
command handler does not verify remotely specified arguments. IRSSI
versions 0.8.9 and 0.8.10rc5 are vulnerable.
Ref: http://www.securityfocus.com/bid/16913
______________________________________________________________________

06.9.17 CVE: CVE-2006-0554
Platform: Linux
Title: Linux Kernel XFS File System Local Information Disclosure
Description: The Linux kernel contains support for the XFS filesystem
by SGI. It is susceptible to a local information disclosure issue due
to a flaw in the filesystem that may result in previously written data
being returned to local users. This issue arises when certain
"ftruncate()" activity triggers a flaw that may result in data extents
being exposed to local users where holes should be. Linux kernel
versions prior to 2.6.15.5 are affected.
Ref: http://www.securityfocus.com/bid/16844
______________________________________________________________________

06.9.18 CVE: CVE-2006-0555
Platform: Linux
Title: Linux Kernel NFS Client Denial of Service
Description: The Linux kernel NFS client is prone to a local denial of
service vulnerability. This issue is due to improper handling of
direct I/O with excessive O_DIRECT data. For more information on
affected versions, please follow the reference link.
Ref: http://www.securityfocus.com/bid/16922
______________________________________________________________________

06.9.19 CVE: Not Available
Platform: Linux
Title: Linux Kernel sys_mbind System Call Local Denial of Service
Description: The Linux kernel "sys_mbind" system call is vulnerable to
a local denial of service issue due to insufficient sanitization of
the system call's arguments.
Linux kernel versions 2.6.15.4 and earlier are vulnerable.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
______________________________________________________________________

06.9.20 CVE: CVE-2006-0741
Platform: Linux
Title: Linux Kernel ELF File Entry Point Denial of Service
Description: The Linux kernel is vulnerable to a denial of service when
opening malformed ELF files with a bad entry address. Intel EM64T
processors running Linux kernel versions 2.6.15.4 and earlier are
vulnerable.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5

John Delaney
goldhind at ix.netcom.com