Secunia

Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users and potentially malicious people to cause a DoS (Denial of Service).

1) An error within the handling of keyrings makes it possible to crash the kernel when destroying a keyring that wasn't properly instantiated. This can be exploited by attempting to add a keyring that doesn't have an empty payload.

2) An error within the error handling path for the "KEYCTL_JOIN_SESSION_KEYRING" operation when attempting to join a key management session may cause the session management semaphore to not be released. This can be exploited by attempting to add a new session keyring.

3) Some errors in the in-kernel zlib routines can be exploited to cause a DoS via specially crafted input.

4) An error in the driver for compressed ISO file systems can be exploited to crash the kernel when e.g. a malicious CD-ROM with a specially crafted compressed ISO image is mounted.

5) A array type error in the "ipt_recent.c" netfilter module when calling "memset()" on the "last_pkts" array may cause the kernel to crash via certain attacks. e.g. SSH brute force. This only affects 64-bit platforms.

Solution
Update to version 2.6.12.5.
Further details available in Customer Area

Provided and/or discovered by
1-2) David Howells
4) Tim Yamin
5) Juergen Kreileder

Changelog
Further details available in Customer Area

Original Advisory
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237

Juergen Kreileder:
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

Deep Links
Links available in Customer Area