Wednesday, December 9, 2009

Security Update: Kernel

It's very rare to see Slackware released a security update on kernel packages, but today it happened. Slackware patched the kernel due to problem found by David Ford which can caused the system to immediate hang when it received an over-sized IP packets.

Here are the changes in -Current today:
Tue Dec 8 20:44:44 UTC 2009
a/kernel-firmware-2.6.29.6-noarch-3.txz: Rebuilt.

a/kernel-generic-2.6.29.6-i486-3.txz: Rebuilt.
Patched a bug (CVE-2009-1298) where oversized IP packets cause a NULL pointer dereference and immediate hang.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1298
http://lkml.org/lkml/2009/11/25/104
(* Security fix *)

a/kernel-generic-smp-2.6.29.6_smp-i686-3.txz: Rebuilt.
Patched CVE-2009-1298.
(* Security fix *)

a/kernel-huge-2.6.29.6-i486-3.txz: Rebuilt.
Patched CVE-2009-1298.
(* Security fix *)

a/kernel-huge-smp-2.6.29.6_smp-i686-3.txz: Rebuilt.
Patched CVE-2009-1298.
(* Security fix *)

a/kernel-modules-2.6.29.6-i486-3.txz: Rebuilt.

a/kernel-modules-smp-2.6.29.6_smp-i686-3.txz: Rebuilt.

d/kernel-headers-2.6.29.6_smp-x86-3.txz: Rebuilt.

k/kernel-source-2.6.29.6_smp-noarch-3.txz: Rebuilt.
Patched CVE-2009-1298, and included the diff in /usr/src/linux-2.6.29.6.
(* Security fix *)

extra/linux-2.6.29.6-nosmp-sdk/kernel-headers-2.6.29.6-x86-3.txz: Rebuilt.

extra/linux-2.6.29.6-nosmp-sdk/linux-2.6.29.6-smp-to-nosmp.diff.gz: Rebuilt.

kernels/*: Rebuilt.
Patched CVE-2009-1298.
(* Security fix *)