[kernel-sec-discuss] r532 - in patch-tracking: . retired

Dann Frazier dannf at costa.debian.org
Mon Aug 14 02:25:00 UTC 2006


Author: dannf
Date: 2006-08-14 02:24:50 +0000 (Mon, 14 Aug 2006)
New Revision: 532

Added:
   patch-tracking/retired/
   patch-tracking/retired/CVE-2002-0429
   patch-tracking/retired/CVE-2003-0001
   patch-tracking/retired/CVE-2003-0018
   patch-tracking/retired/CVE-2003-0127
   patch-tracking/retired/CVE-2003-0187
   patch-tracking/retired/CVE-2003-0244
   patch-tracking/retired/CVE-2003-0246
   patch-tracking/retired/CVE-2003-0247
   patch-tracking/retired/CVE-2003-0248
   patch-tracking/retired/CVE-2003-0364
   patch-tracking/retired/CVE-2003-0418
   patch-tracking/retired/CVE-2003-0461
   patch-tracking/retired/CVE-2003-0462
   patch-tracking/retired/CVE-2003-0464
   patch-tracking/retired/CVE-2003-0465
   patch-tracking/retired/CVE-2003-0467
   patch-tracking/retired/CVE-2003-0476
   patch-tracking/retired/CVE-2003-0501
   patch-tracking/retired/CVE-2003-0550
   patch-tracking/retired/CVE-2003-0551
   patch-tracking/retired/CVE-2003-0552
   patch-tracking/retired/CVE-2003-0643
   patch-tracking/retired/CVE-2003-0699
   patch-tracking/retired/CVE-2003-0700
   patch-tracking/retired/CVE-2003-0961
   patch-tracking/retired/CVE-2003-0984
   patch-tracking/retired/CVE-2003-0985
   patch-tracking/retired/CVE-2003-1040
   patch-tracking/retired/CVE-2004-0003
   patch-tracking/retired/CVE-2004-0010
   patch-tracking/retired/CVE-2004-0077
   patch-tracking/retired/CVE-2004-0109
   patch-tracking/retired/CVE-2004-0133
   patch-tracking/retired/CVE-2004-0136
   patch-tracking/retired/CVE-2004-0138
   patch-tracking/retired/CVE-2004-0177
   patch-tracking/retired/CVE-2004-0178
   patch-tracking/retired/CVE-2004-0181
   patch-tracking/retired/CVE-2004-0228
   patch-tracking/retired/CVE-2004-0229
   patch-tracking/retired/CVE-2004-0394
   patch-tracking/retired/CVE-2004-0415
   patch-tracking/retired/CVE-2004-0427
   patch-tracking/retired/CVE-2004-0447
   patch-tracking/retired/CVE-2004-0491
   patch-tracking/retired/CVE-2004-0495
   patch-tracking/retired/CVE-2004-0496
   patch-tracking/retired/CVE-2004-0497
   patch-tracking/retired/CVE-2004-0535
   patch-tracking/retired/CVE-2004-0554
   patch-tracking/retired/CVE-2004-0565
   patch-tracking/retired/CVE-2004-0587
   patch-tracking/retired/CVE-2004-0596
   patch-tracking/retired/CVE-2004-0619
   patch-tracking/retired/CVE-2004-0626
   patch-tracking/retired/CVE-2004-0685
   patch-tracking/retired/CVE-2004-0790
   patch-tracking/retired/CVE-2004-0812
   patch-tracking/retired/CVE-2004-0814
   patch-tracking/retired/CVE-2004-0816
   patch-tracking/retired/CVE-2004-0883
   patch-tracking/retired/CVE-2004-0887
   patch-tracking/retired/CVE-2004-0949
   patch-tracking/retired/CVE-2004-1016
   patch-tracking/retired/CVE-2004-1017
   patch-tracking/retired/CVE-2004-1056
   patch-tracking/retired/CVE-2004-1057
   patch-tracking/retired/CVE-2004-1058
   patch-tracking/retired/CVE-2004-1068
   patch-tracking/retired/CVE-2004-1069
   patch-tracking/retired/CVE-2004-1070
   patch-tracking/retired/CVE-2004-1071
   patch-tracking/retired/CVE-2004-1072
   patch-tracking/retired/CVE-2004-1073
   patch-tracking/retired/CVE-2004-1137
   patch-tracking/retired/CVE-2004-1144
   patch-tracking/retired/CVE-2004-1151
   patch-tracking/retired/CVE-2004-1190
   patch-tracking/retired/CVE-2004-1234
   patch-tracking/retired/CVE-2004-1235
   patch-tracking/retired/CVE-2004-1237
   patch-tracking/retired/CVE-2004-1333
   patch-tracking/retired/CVE-2004-1334
   patch-tracking/retired/CVE-2004-1335
   patch-tracking/retired/CVE-2004-1337
   patch-tracking/retired/CVE-2004-2013
   patch-tracking/retired/CVE-2004-2302
   patch-tracking/retired/CVE-2004-2536
   patch-tracking/retired/CVE-2004-2607
   patch-tracking/retired/CVE-2004-2660
   patch-tracking/retired/CVE-2005-0001
   patch-tracking/retired/CVE-2005-0003
   patch-tracking/retired/CVE-2005-0090
   patch-tracking/retired/CVE-2005-0091
   patch-tracking/retired/CVE-2005-0092
   patch-tracking/retired/CVE-2005-0135
   patch-tracking/retired/CVE-2005-0136
   patch-tracking/retired/CVE-2005-0137
   patch-tracking/retired/CVE-2005-0176
   patch-tracking/retired/CVE-2005-0177
   patch-tracking/retired/CVE-2005-0178
   patch-tracking/retired/CVE-2005-0180
   patch-tracking/retired/CVE-2005-0204
   patch-tracking/retired/CVE-2005-0207
   patch-tracking/retired/CVE-2005-0209
   patch-tracking/retired/CVE-2005-0210
   patch-tracking/retired/CVE-2005-0384
   patch-tracking/retired/CVE-2005-0400
   patch-tracking/retired/CVE-2005-0449
   patch-tracking/retired/CVE-2005-0528
   patch-tracking/retired/CVE-2005-0529
   patch-tracking/retired/CVE-2005-0530
   patch-tracking/retired/CVE-2005-0531
   patch-tracking/retired/CVE-2005-0532
   patch-tracking/retired/CVE-2005-0736
   patch-tracking/retired/CVE-2005-0749
   patch-tracking/retired/CVE-2005-0750
   patch-tracking/retired/CVE-2005-0756
   patch-tracking/retired/CVE-2005-0757
   patch-tracking/retired/CVE-2005-0767
   patch-tracking/retired/CVE-2005-0815
   patch-tracking/retired/CVE-2005-0839
   patch-tracking/retired/CVE-2005-0867
   patch-tracking/retired/CVE-2005-0916
   patch-tracking/retired/CVE-2005-1041
   patch-tracking/retired/CVE-2005-1263
   patch-tracking/retired/CVE-2005-1368
   patch-tracking/retired/CVE-2005-1369
   patch-tracking/retired/CVE-2005-1589
   patch-tracking/retired/CVE-2005-1761
   patch-tracking/retired/CVE-2005-1762
   patch-tracking/retired/CVE-2005-1763
   patch-tracking/retired/CVE-2005-1764
   patch-tracking/retired/CVE-2005-1765
   patch-tracking/retired/CVE-2005-1767
   patch-tracking/retired/CVE-2005-1768
   patch-tracking/retired/CVE-2005-1913
   patch-tracking/retired/CVE-2005-2098
   patch-tracking/retired/CVE-2005-2099
   patch-tracking/retired/CVE-2005-2100
   patch-tracking/retired/CVE-2005-2456
   patch-tracking/retired/CVE-2005-2457
   patch-tracking/retired/CVE-2005-2458
   patch-tracking/retired/CVE-2005-2459
   patch-tracking/retired/CVE-2005-2490
   patch-tracking/retired/CVE-2005-2492
   patch-tracking/retired/CVE-2005-2548
   patch-tracking/retired/CVE-2005-2553
   patch-tracking/retired/CVE-2005-2555
   patch-tracking/retired/CVE-2005-2708
   patch-tracking/retired/CVE-2005-2709
   patch-tracking/retired/CVE-2005-2800
   patch-tracking/retired/CVE-2005-2801
   patch-tracking/retired/CVE-2005-2872
   patch-tracking/retired/CVE-2005-2973
   patch-tracking/retired/CVE-2005-3053
   patch-tracking/retired/CVE-2005-3055
   patch-tracking/retired/CVE-2005-3106
   patch-tracking/retired/CVE-2005-3107
   patch-tracking/retired/CVE-2005-3108
   patch-tracking/retired/CVE-2005-3109
   patch-tracking/retired/CVE-2005-3110
   patch-tracking/retired/CVE-2005-3119
   patch-tracking/retired/CVE-2005-3179
   patch-tracking/retired/CVE-2005-3180
   patch-tracking/retired/CVE-2005-3181
   patch-tracking/retired/CVE-2005-3257
   patch-tracking/retired/CVE-2005-3271
   patch-tracking/retired/CVE-2005-3272
   patch-tracking/retired/CVE-2005-3273
   patch-tracking/retired/CVE-2005-3274
   patch-tracking/retired/CVE-2005-3275
   patch-tracking/retired/CVE-2005-3276
   patch-tracking/retired/CVE-2005-3356
   patch-tracking/retired/CVE-2005-3358
   patch-tracking/retired/CVE-2005-3359
   patch-tracking/retired/CVE-2005-3623
   patch-tracking/retired/CVE-2005-3783
   patch-tracking/retired/CVE-2005-3784
   patch-tracking/retired/CVE-2005-3805
   patch-tracking/retired/CVE-2005-3806
   patch-tracking/retired/CVE-2005-3807
   patch-tracking/retired/CVE-2005-3808
   patch-tracking/retired/CVE-2005-3809
   patch-tracking/retired/CVE-2005-3810
   patch-tracking/retired/CVE-2005-3847
   patch-tracking/retired/CVE-2005-3848
   patch-tracking/retired/CVE-2005-3857
   patch-tracking/retired/CVE-2005-3858
   patch-tracking/retired/CVE-2005-4351
   patch-tracking/retired/CVE-2005-4352
   patch-tracking/retired/CVE-2005-4605
   patch-tracking/retired/CVE-2005-4618
   patch-tracking/retired/CVE-2005-4635
   patch-tracking/retired/CVE-2005-4639
   patch-tracking/retired/CVE-2006-0035
   patch-tracking/retired/CVE-2006-0036
   patch-tracking/retired/CVE-2006-0037
   patch-tracking/retired/CVE-2006-0038
   patch-tracking/retired/CVE-2006-0039
   patch-tracking/retired/CVE-2006-0095
   patch-tracking/retired/CVE-2006-0096
   patch-tracking/retired/CVE-2006-0456
   patch-tracking/retired/CVE-2006-0457
   patch-tracking/retired/CVE-2006-0482
   patch-tracking/retired/CVE-2006-0554
   patch-tracking/retired/CVE-2006-0555
   patch-tracking/retired/CVE-2006-0557
   patch-tracking/retired/CVE-2006-0558
   patch-tracking/retired/CVE-2006-0741
   patch-tracking/retired/CVE-2006-0742
   patch-tracking/retired/CVE-2006-0744
   patch-tracking/retired/CVE-2006-1055
   patch-tracking/retired/CVE-2006-1056
   patch-tracking/retired/CVE-2006-1066
   patch-tracking/retired/CVE-2006-1242
   patch-tracking/retired/CVE-2006-1342
   patch-tracking/retired/CVE-2006-1368
   patch-tracking/retired/CVE-2006-1522
   patch-tracking/retired/CVE-2006-1523
   patch-tracking/retired/CVE-2006-1524
   patch-tracking/retired/CVE-2006-1525
   patch-tracking/retired/CVE-2006-1527
   patch-tracking/retired/CVE-2006-1857
   patch-tracking/retired/CVE-2006-1858
   patch-tracking/retired/CVE-2006-1859
   patch-tracking/retired/CVE-2006-1860
   patch-tracking/retired/CVE-2006-1863
   patch-tracking/retired/CVE-2006-1864
   patch-tracking/retired/CVE-2006-2271
   patch-tracking/retired/CVE-2006-2272
   patch-tracking/retired/CVE-2006-2274
   patch-tracking/retired/CVE-2006-2451
   patch-tracking/retired/CVE-2006-3626
Removed:
   patch-tracking/CVE-2002-0429
   patch-tracking/CVE-2003-0001
   patch-tracking/CVE-2003-0018
   patch-tracking/CVE-2003-0127
   patch-tracking/CVE-2003-0187
   patch-tracking/CVE-2003-0244
   patch-tracking/CVE-2003-0246
   patch-tracking/CVE-2003-0247
   patch-tracking/CVE-2003-0248
   patch-tracking/CVE-2003-0364
   patch-tracking/CVE-2003-0418
   patch-tracking/CVE-2003-0461
   patch-tracking/CVE-2003-0462
   patch-tracking/CVE-2003-0464
   patch-tracking/CVE-2003-0465
   patch-tracking/CVE-2003-0467
   patch-tracking/CVE-2003-0476
   patch-tracking/CVE-2003-0501
   patch-tracking/CVE-2003-0550
   patch-tracking/CVE-2003-0551
   patch-tracking/CVE-2003-0552
   patch-tracking/CVE-2003-0643
   patch-tracking/CVE-2003-0699
   patch-tracking/CVE-2003-0700
   patch-tracking/CVE-2003-0961
   patch-tracking/CVE-2003-0984
   patch-tracking/CVE-2003-0985
   patch-tracking/CVE-2003-1040
   patch-tracking/CVE-2004-0003
   patch-tracking/CVE-2004-0010
   patch-tracking/CVE-2004-0077
   patch-tracking/CVE-2004-0109
   patch-tracking/CVE-2004-0133
   patch-tracking/CVE-2004-0136
   patch-tracking/CVE-2004-0138
   patch-tracking/CVE-2004-0177
   patch-tracking/CVE-2004-0178
   patch-tracking/CVE-2004-0181
   patch-tracking/CVE-2004-0228
   patch-tracking/CVE-2004-0229
   patch-tracking/CVE-2004-0394
   patch-tracking/CVE-2004-0415
   patch-tracking/CVE-2004-0427
   patch-tracking/CVE-2004-0447
   patch-tracking/CVE-2004-0491
   patch-tracking/CVE-2004-0495
   patch-tracking/CVE-2004-0496
   patch-tracking/CVE-2004-0497
   patch-tracking/CVE-2004-0535
   patch-tracking/CVE-2004-0554
   patch-tracking/CVE-2004-0565
   patch-tracking/CVE-2004-0587
   patch-tracking/CVE-2004-0596
   patch-tracking/CVE-2004-0619
   patch-tracking/CVE-2004-0626
   patch-tracking/CVE-2004-0685
   patch-tracking/CVE-2004-0790
   patch-tracking/CVE-2004-0812
   patch-tracking/CVE-2004-0814
   patch-tracking/CVE-2004-0816
   patch-tracking/CVE-2004-0883
   patch-tracking/CVE-2004-0887
   patch-tracking/CVE-2004-0949
   patch-tracking/CVE-2004-1016
   patch-tracking/CVE-2004-1017
   patch-tracking/CVE-2004-1056
   patch-tracking/CVE-2004-1057
   patch-tracking/CVE-2004-1058
   patch-tracking/CVE-2004-1068
   patch-tracking/CVE-2004-1069
   patch-tracking/CVE-2004-1070
   patch-tracking/CVE-2004-1071
   patch-tracking/CVE-2004-1072
   patch-tracking/CVE-2004-1073
   patch-tracking/CVE-2004-1137
   patch-tracking/CVE-2004-1144
   patch-tracking/CVE-2004-1151
   patch-tracking/CVE-2004-1190
   patch-tracking/CVE-2004-1234
   patch-tracking/CVE-2004-1235
   patch-tracking/CVE-2004-1237
   patch-tracking/CVE-2004-1333
   patch-tracking/CVE-2004-1334
   patch-tracking/CVE-2004-1335
   patch-tracking/CVE-2004-1337
   patch-tracking/CVE-2004-2013
   patch-tracking/CVE-2004-2302
   patch-tracking/CVE-2004-2536
   patch-tracking/CVE-2004-2607
   patch-tracking/CVE-2004-2660
   patch-tracking/CVE-2005-0001
   patch-tracking/CVE-2005-0003
   patch-tracking/CVE-2005-0090
   patch-tracking/CVE-2005-0091
   patch-tracking/CVE-2005-0092
   patch-tracking/CVE-2005-0135
   patch-tracking/CVE-2005-0136
   patch-tracking/CVE-2005-0137
   patch-tracking/CVE-2005-0176
   patch-tracking/CVE-2005-0177
   patch-tracking/CVE-2005-0178
   patch-tracking/CVE-2005-0180
   patch-tracking/CVE-2005-0204
   patch-tracking/CVE-2005-0207
   patch-tracking/CVE-2005-0209
   patch-tracking/CVE-2005-0210
   patch-tracking/CVE-2005-0384
   patch-tracking/CVE-2005-0400
   patch-tracking/CVE-2005-0449
   patch-tracking/CVE-2005-0528
   patch-tracking/CVE-2005-0529
   patch-tracking/CVE-2005-0530
   patch-tracking/CVE-2005-0531
   patch-tracking/CVE-2005-0532
   patch-tracking/CVE-2005-0736
   patch-tracking/CVE-2005-0749
   patch-tracking/CVE-2005-0750
   patch-tracking/CVE-2005-0756
   patch-tracking/CVE-2005-0757
   patch-tracking/CVE-2005-0767
   patch-tracking/CVE-2005-0815
   patch-tracking/CVE-2005-0839
   patch-tracking/CVE-2005-0867
   patch-tracking/CVE-2005-0916
   patch-tracking/CVE-2005-1041
   patch-tracking/CVE-2005-1263
   patch-tracking/CVE-2005-1368
   patch-tracking/CVE-2005-1369
   patch-tracking/CVE-2005-1589
   patch-tracking/CVE-2005-1761
   patch-tracking/CVE-2005-1762
   patch-tracking/CVE-2005-1763
   patch-tracking/CVE-2005-1764
   patch-tracking/CVE-2005-1765
   patch-tracking/CVE-2005-1767
   patch-tracking/CVE-2005-1768
   patch-tracking/CVE-2005-1913
   patch-tracking/CVE-2005-2098
   patch-tracking/CVE-2005-2099
   patch-tracking/CVE-2005-2100
   patch-tracking/CVE-2005-2456
   patch-tracking/CVE-2005-2457
   patch-tracking/CVE-2005-2458
   patch-tracking/CVE-2005-2459
   patch-tracking/CVE-2005-2490
   patch-tracking/CVE-2005-2492
   patch-tracking/CVE-2005-2548
   patch-tracking/CVE-2005-2553
   patch-tracking/CVE-2005-2555
   patch-tracking/CVE-2005-2708
   patch-tracking/CVE-2005-2709
   patch-tracking/CVE-2005-2800
   patch-tracking/CVE-2005-2801
   patch-tracking/CVE-2005-2872
   patch-tracking/CVE-2005-2973
   patch-tracking/CVE-2005-3053
   patch-tracking/CVE-2005-3055
   patch-tracking/CVE-2005-3106
   patch-tracking/CVE-2005-3107
   patch-tracking/CVE-2005-3108
   patch-tracking/CVE-2005-3109
   patch-tracking/CVE-2005-3110
   patch-tracking/CVE-2005-3119
   patch-tracking/CVE-2005-3179
   patch-tracking/CVE-2005-3180
   patch-tracking/CVE-2005-3181
   patch-tracking/CVE-2005-3257
   patch-tracking/CVE-2005-3271
   patch-tracking/CVE-2005-3272
   patch-tracking/CVE-2005-3273
   patch-tracking/CVE-2005-3274
   patch-tracking/CVE-2005-3275
   patch-tracking/CVE-2005-3276
   patch-tracking/CVE-2005-3356
   patch-tracking/CVE-2005-3358
   patch-tracking/CVE-2005-3359
   patch-tracking/CVE-2005-3623
   patch-tracking/CVE-2005-3783
   patch-tracking/CVE-2005-3784
   patch-tracking/CVE-2005-3805
   patch-tracking/CVE-2005-3806
   patch-tracking/CVE-2005-3807
   patch-tracking/CVE-2005-3808
   patch-tracking/CVE-2005-3809
   patch-tracking/CVE-2005-3810
   patch-tracking/CVE-2005-3847
   patch-tracking/CVE-2005-3848
   patch-tracking/CVE-2005-3857
   patch-tracking/CVE-2005-3858
   patch-tracking/CVE-2005-4351
   patch-tracking/CVE-2005-4352
   patch-tracking/CVE-2005-4605
   patch-tracking/CVE-2005-4618
   patch-tracking/CVE-2005-4635
   patch-tracking/CVE-2005-4639
   patch-tracking/CVE-2006-0035
   patch-tracking/CVE-2006-0036
   patch-tracking/CVE-2006-0037
   patch-tracking/CVE-2006-0038
   patch-tracking/CVE-2006-0039
   patch-tracking/CVE-2006-0095
   patch-tracking/CVE-2006-0096
   patch-tracking/CVE-2006-0456
   patch-tracking/CVE-2006-0457
   patch-tracking/CVE-2006-0482
   patch-tracking/CVE-2006-0554
   patch-tracking/CVE-2006-0555
   patch-tracking/CVE-2006-0557
   patch-tracking/CVE-2006-0558
   patch-tracking/CVE-2006-0741
   patch-tracking/CVE-2006-0742
   patch-tracking/CVE-2006-0744
   patch-tracking/CVE-2006-1055
   patch-tracking/CVE-2006-1056
   patch-tracking/CVE-2006-1066
   patch-tracking/CVE-2006-1242
   patch-tracking/CVE-2006-1342
   patch-tracking/CVE-2006-1368
   patch-tracking/CVE-2006-1522
   patch-tracking/CVE-2006-1523
   patch-tracking/CVE-2006-1524
   patch-tracking/CVE-2006-1525
   patch-tracking/CVE-2006-1527
   patch-tracking/CVE-2006-1857
   patch-tracking/CVE-2006-1858
   patch-tracking/CVE-2006-1859
   patch-tracking/CVE-2006-1860
   patch-tracking/CVE-2006-1863
   patch-tracking/CVE-2006-1864
   patch-tracking/CVE-2006-2271
   patch-tracking/CVE-2006-2272
   patch-tracking/CVE-2006-2274
   patch-tracking/CVE-2006-2451
   patch-tracking/CVE-2006-3626
Log:
retire issues that:
 1) sarge is no longer vulnerable to
 2) upstream >= 2.6.17.x has a fix
 3) have no ubuntu kernels listed

these issues could still use some polishing - listing of patch names used,
fixed versions marked, etc - but they no longer need to be tracked


Deleted: patch-tracking/CVE-2002-0429
===================================================================
--- patch-tracking/CVE-2002-0429	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2002-0429	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2002-0429
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3dd4f4b1MbvSSVddY8E_Yx0bGPux8w?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/entry.S
- BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
- CONFIRM:http://www.openwall.com/linux/
- DEBIAN:DSA-311
- DEBIAN:DSA-312
- DEBIAN:DSA-332
- DEBIAN:DSA-336
- DEBIAN:DSA-442
- REDHAT:RHSA-2002:158
- BID:4259
- XF:linux-ibcs-lcall-process(8420)
-Description: 
- The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local
- users to kill arbitrary processes via a a binary compatibility interface (lcall).
-Notes: 
-Bugs: 
-upstream: released (2.4.20)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-6)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: released (62.4)
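
Review bot: the "linux-2.6.16:" field in the status block is left empty while "linux-2.6:" is marked N/A, so the retired copy does not record whether 2.6.16 was ever assessed. Fill it in before the file goes to retired/, given that upstream is recorded as "released (2.4.20)". The Description also has a doubled word, "via a a binary compatibility interface", that should be corrected in the retired copy.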

Deleted: patch-tracking/CVE-2003-0001
===================================================================
--- patch-tracking/CVE-2003-0001	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0001	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,39 +0,0 @@
-Candidate: CVE-2003-0001
-References: 
- ATSTAKE:A010603-1
- URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
- BUGTRAQ:20030110 More information regarding Etherleak
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
- VULNWATCH:20030110 More information regarding Etherleak
- URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
- MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
- CERT-VN:VU#412115
- URL:http://www.kb.cert.org/vuls/id/412115
- REDHAT:RHSA-2003:025
- URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
- OVAL:OVAL2665
- URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
-Description: 
- Multiple ethernet Network Interface Card (NIC) device drivers do not pad
- frames with null bytes, which allows remote attackers to obtain information
- from previous packets or kernel memory by using malformed packets, as
- demonstrated by Etherleak.
-Notes: 
- dannf> A number of drivers had to be fixed, but when looking to see where this
- dannf> patch had been applied, I just tracked the de600.c file changes.  My
- dannf> assumption is that all of the other drivers got fixed at the same time.
- .
- dannf> I've e-mailed the security team + mdz, asking for a patch
-Bugs: 
-upstream: released (2.4.21-pre4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: needed
-2.4.18-woody-security: released (2.4.18-7)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: needed
-2.4.17-woody-security-hppa: needed
-2.4.17-woody-security-ia64: needed
-2.4.18-woody-security-hppa: 
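
Review bot: four woody trees at the end of this record are still marked "needed" (2.4.19-woody-security, 2.4.16-woody-security, 2.4.17-woody-security-hppa and 2.4.17-woody-security-ia64) and "2.4.18-woody-security-hppa:" is blank, so retiring the file drops open items that none of the three criteria in the log addresses. If woody is out of scope for tracking, say so in Notes. The Notes also state that only de600.c was checked and that the other drivers are assumed fixed at the same time; that assumption should stay flagged as unverified in the retired record.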

Deleted: patch-tracking/CVE-2003-0018
===================================================================
--- patch-tracking/CVE-2003-0018	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0018	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,39 +0,0 @@
-Candidate: CVE-2003-0018
-References: 
- DEBIAN:DSA-358
- DEBIAN:DSA-423
- MANDRAKE:MDKSA-2003:014
- REDHAT:RHSA-2003:025
- BID:6763
- XF:linux-odirect-information-leak(11249)
-Description: 
- Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
- O_DIRECT feature, which allows local attackers with write privileges to
- read portions of previously deleted files, or cause file system
- corruption.
-Notes: 
- dannf> It looks like the fix that was used in woody is to diable
- dannf> O_DIRECT.  Is this the upstream fix?
- dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3da0af3a87N78_-K9uAzGF_5cLsRkA?nav=index.html|tags|ChangeSet@..1.717.1.11
- dannf> I've asked hch via e-mail
- .
- dannf> and here's his response:
- .
- The big O_DIRECT issues we had a while ago involved redoing large parts of
- the locking so it's definitily not the patch above.  It was fixed in 2.4.2x
- for x = 2 or 3 IIRC.  The 2.5.27 kernels in sarge ff are definitly okay.
- .
- dannf> Therefore, I'm marking >= sarge kernels N/A
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)
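
Review bot: "upstream:" is empty in the status block, yet the second retirement criterion in the log is that upstream has a fix; the only evidence in the file is the quoted reply in Notes placing it at "2.4.2x for x = 2 or 3 IIRC". Record an upstream status, even an approximate one that points at that reply, so the retired file shows why it qualified. The same reply mentions "2.5.27 kernels in sarge" while the status block tracks 2.4.27-sarge-security, which deserves a clarifying Notes line.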

Deleted: patch-tracking/CVE-2003-0127
===================================================================
--- patch-tracking/CVE-2003-0127	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0127	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,63 +0,0 @@
-Candidate: CVE-2003-0127
-References: 
- VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25
- URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
- REDHAT:RHSA-2003:098
- URL:http://rhn.redhat.com/errata/RHSA-2003-098.html
- REDHAT:RHSA-2003:088
- URL:http://rhn.redhat.com/errata/RHSA-2003-088.html
- SUSE:SuSE-SA:2003:021
- ENGARDE:ESA-20030318-009
- DEBIAN:DSA-270
- URL:http://www.debian.org/security/2003/dsa-270
- DEBIAN:DSA-276
- URL:http://www.debian.org/security/2003/dsa-276
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- DEBIAN:DSA-495
- URL:http://www.debian.org/security/2004/dsa-495
- MANDRAKE:MDKSA-2003:038
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:038
- MANDRAKE:MDKSA-2003:039
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
- CALDERA:CSSA-2003-020.0
- URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
- ENGARDE:ESA-20030515-017
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
- REDHAT:RHSA-2003:145
- URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
- GENTOO:GLSA-200303-17
- URL:http://security.gentoo.org/glsa/glsa-200303-17.xml
- CERT-VN:VU#628849
- URL:http://www.kb.cert.org/vuls/id/628849
- OVAL:OVAL254
- URL:http://oval.mitre.org/oval/definitions/data/oval254.html
-Description: 
- The kernel module loader in Linux kernel 2.2.x before 2.2.25, and
- 2.4.x before 2.4.21, allows local users to gain root privileges by
- using ptrace to attach to a child process that is spawned by the
- kernel.
-Notes: 
- Changeset comments say "Linux 2.5 is not believed to be vulnerable.",
- so marking this issue as N/A for 2.6.
-Bugs: 
-upstream: released (2.4.21-pre6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-7)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)
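
Review bot: the N/A marking for linux-2.6 rests only on the changeset comment quoted in Notes ("Linux 2.5 is not believed to be vulnerable."), the changeset itself is not referenced, and "linux-2.6.16:" is left blank. Add the changeset reference to Notes and fill in the 2.6.16 field so the retired record can be checked without the original context.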

Deleted: patch-tracking/CVE-2003-0187
===================================================================
--- patch-tracking/CVE-2003-0187	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0187	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2003-0187
-References: 
- http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
- http://oval.mitre.org/oval/definitions/data/oval260.html
-Description: 
- The connection tracking core of Netfilter for Linux 2.4.20, with
- CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
- attackers to cause a denial of service (resource consumption) due to an
- inconsistency with Linux 2.4.20's support of linked lists, which causes
- Netfilter to fail to identify connections with an UNCONFIRMED status and
- use large timeouts.
-Notes: 
- This was fixed before 2.6.0:
-  http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h
-Bugs: 
-upstream: released (2.4.21)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
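
Review bot: the status block stops at "2.4.17-woody-security-ia64" and has no "2.4.18-woody-security-hppa:" line, unlike the other records retired in this revision. The two References entries are also bare URLs with no source tag, where the other files use prefixes such as "URL:", "BUGTRAQ:" or "OVAL:". Normalise both before retiring so the retired files share one layout.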

Deleted: patch-tracking/CVE-2003-0244
===================================================================
--- patch-tracking/CVE-2003-0244	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0244	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,51 +0,0 @@
-Candidate: CVE-2003-0244
-References: 
- VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code
- URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
- MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
- MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
- REDHAT:RHSA-2003:145
- URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
- REDHAT:RHSA-2003:147
- URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
- REDHAT:RHSA-2003:172
- URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
- ENGARDE:ESA-20030515-017
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- MANDRAKE:MDKSA-2003:066
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
- MANDRAKE:MDKSA-2003:074
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
- BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
- OVAL:OVAL261
- URL:http://oval.mitre.org/oval/definitions/data/oval261.html
-Description: 
- The route cache implementation in Linux 2.4, and the Netfilter IP conntrack
- module, allows remote attackers to cause a denial of service (CPU consumption)
- via packets with forged source addresses that cause a large number of hash
- table collisions.
-Notes: 
-Bugs: 
-upstream: released (2.4.21-rc2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released
-2.4.18-woody-security: released (2.4.18-8)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)
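
Review bot: "2.4.19-woody-security: released" carries no package version, while every other released entry in this record names one, for example "released (2.4.18-8)". Add the fixed version here; the log already lists "fixed versions marked" as outstanding polish, and this is the one gap in this file.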

Deleted: patch-tracking/CVE-2003-0246
===================================================================
--- patch-tracking/CVE-2003-0246	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0246	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,51 +0,0 @@
-Candidate: CVE-2003-0246
-References: 
- REDHAT:RHSA-2003:172
- URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
- REDHAT:RHSA-2003:147
- URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
- ENGARDE:ESA-20030515-017
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- MANDRAKE:MDKSA-2003:066
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
- MANDRAKE:MDKSA-2003:074
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
- TURBO:TLSA-2003-41
- URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
- VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
- URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
- OVAL:OVAL278
- URL:http://oval.mitre.org/oval/definitions/data/oval278.html
-Description: 
- The ioperm system call in Linux kernel 2.4.20 and earlier does not properly
- restrict privileges, which allows local users to gain read or write access to
- certain I/O ports.
-Notes: 
- It looks like the patch originally included in woody was just a one line
- change; whereas there were two larger patches that went upstream.  I'm
- moving our trees forward to the upstream one.
- .
- Patch is x86 only.
-Bugs: 
-upstream: released (2.4.21-rc4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: pending (2.4.18-14.5)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: N/A
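
Review bot: "2.4.18-woody-security: pending (2.4.18-14.5)" means this record is being retired with a fix that is not yet marked released. Confirm whether 2.4.18-14.5 shipped and update the status, or state in Notes why a pending entry is acceptable for retirement. The Notes say the trees are being moved forward to the upstream patches but do not name them, which is the "listing of patch names used" item the log mentions.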

Deleted: patch-tracking/CVE-2003-0247
===================================================================
--- patch-tracking/CVE-2003-0247	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0247	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,43 +0,0 @@
-Candidate: CVE-2003-0247
-References: 
- REDHAT:RHSA-2003:187
- URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
- REDHAT:RHSA-2003:195
- URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- MANDRAKE:MDKSA-2003:066
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
- MANDRAKE:MDKSA-2003:074
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
- TURBO:TLSA-2003-41
- URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
- OVAL:OVAL284
- URL:http://oval.mitre.org/oval/definitions/data/oval284.html
-Description: 
- Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows
- attackers to cause a denial of service ("kernel oops").
-Notes: 
-Bugs: 
-upstream: released (2.4.21-rc3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-9)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0248
===================================================================
--- patch-tracking/CVE-2003-0248	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0248	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,43 +0,0 @@
-Candidate: CVE-2003-0248
-References: 
- REDHAT:RHSA-2003:187
- URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
- REDHAT:RHSA-2003:195
- URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- MANDRAKE:MDKSA-2003:066
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
- MANDRAKE:MDKSA-2003:074
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
- TURBO:TLSA-2003-41
- URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
- OVAL:OVAL292
- URL:http://oval.mitre.org/oval/definitions/data/oval292.html
-Description: 
- The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state
- registers via a malformed address.
-Notes: 
- dannf> I think this is the patch:
- dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3f293760h0HL1XxaPHNYxPXmpO1k8g?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/i387.c
-Bugs: 
-upstream: released (2.4.22-pre10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-9)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2003-0364
===================================================================
--- patch-tracking/CVE-2003-0364	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0364	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,41 +0,0 @@
-Candidate: CVE-2003-0364
-References: 
- REDHAT:RHSA-2003:187
- URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
- REDHAT:RHSA-2003:195
- URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- DEBIAN:DSA-311
- URL:http://www.debian.org/security/2003/dsa-311
- DEBIAN:DSA-312
- URL:http://www.debian.org/security/2003/dsa-312
- DEBIAN:DSA-332
- URL:http://www.debian.org/security/2003/dsa-332
- DEBIAN:DSA-336
- URL:http://www.debian.org/security/2003/dsa-336
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- TURBO:TLSA-2003-41
- URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
- OVAL:OVAL295
- URL:http://oval.mitre.org/oval/definitions/data/oval295.html
-Description: 
- The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote
- attackers to cause a denial of service (CPU consumption) via certain packets that
- cause a large number of hash table collisions.
-Notes: 
-Bugs: 
-upstream: released (2.4.21-rc7)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.2.20-woody-security: released (2.2.20-5woody2)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-9)
-2.4.17-woody-security: released (2.4.17-1woody1)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0418
===================================================================
--- patch-tracking/CVE-2003-0418	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0418	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2003-0418
-References: 
- http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2
- http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
- http://www.kb.cert.org/vuls/id/471084
-Description: 
- The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP
- citation, which causes it to include portions of unauthorized memory in ICMP
- error responses.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
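
Review bot: The `upstream:` field is empty even though every tracked tree is marked N/A, so the retired record does not say whether the issue was ever fixed upstream or simply does not apply past the 2.0 kernel named in the Description. Fill it in, or add a one-line Note giving the reason for N/A. The field list also stops at `2.4.17-woody-security-ia64` and has no `2.4.18-woody-security-hppa` line, unlike the neighbouring records.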

Deleted: patch-tracking/CVE-2003-0461
===================================================================
--- patch-tracking/CVE-2003-0461	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0461	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2003-0461
-References: 
- MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- REDHAT:RHSA-2004:188
- URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL304
- URL:http://oval.mitre.org/oval/definitions/data/oval304.html
- OVAL:OVAL997
- URL:http://oval.mitre.org/oval/definitions/data/oval997.html
- Description: 
- /proc/tty/driver/serial in Linux 2.4.x reveals the exact number
- of characters used in serial links, which could allow local users
- to obtain potentially sensitive information such as the length of
- passwords.
-Notes: 
- dannf> Here's the patches I used:
- http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
- http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
-Bugs: 
-upstream: released (2.4.29-pre2, 2.6.1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)
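
Review bot: The ` Description: ` line carries a leading space, so in this field-and-continuation format it reads as one more continuation line of `References:` instead of starting its own field, and the description text after it is swallowed into the references as well. Drop the leading space before the file is archived. In the Notes, the two bkbits URLs follow a `dannf>` line without the prefix; prefixing them keeps the attribution unambiguous.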

Deleted: patch-tracking/CVE-2003-0462
===================================================================
--- patch-tracking/CVE-2003-0462	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0462	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,48 +0,0 @@
-Candidate: CVE-2003-0462
-References: 
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL309
- URL:http://oval.mitre.org/oval/definitions/data/oval309.html
-Description: 
- A race condition in the way env_start and env_end pointers are
- initialized in the execve system call and used in fs/proc/base.c
- on Linux 2.4 allows local users to cause a denial of service
- (crash).
-Notes: 
- The fix for 2.4 went into a larger patch:
-  http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
- However, the patch for 2.6 is much simpler:
-  http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
- Unfortunately, it doesn't apply cleanly to 2.4.  It looks like
- the fix included in 2.4.18-10 just re-typed len in
- proc_pid_environ; while in 2.6 len was also retyped in
- proc_pid_cmdline.  Only the former deals with evn_end/env_start
- pointers and the latter doesn't apply cleanly to 2.4, so I'm
- just making the proc_pid_environ change.
- .
- hrm.. maybe there was an earlier patch to 2.4; the above 2.4
- patch didn't go in till 2.4.29, yet it looks like this was
- already fixed in our 2.4.27 .orig.tar.gz
- .
- jmm> I assume this was fixed upstream in 2.4.22-pre10?
- jmm> o Fix /proc/self security issue
-Bugs: 
-upstream: released (2.6.1), released (2.4.22-pre10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)
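
Review bot: The `upstream:` field states `released (2.4.22-pre10)`, but the only support for that in the Notes is jmm's open question ("I assume this was fixed upstream in 2.4.22-pre10?"), while the earlier paragraphs say the 2.4 patch "didn't go in till 2.4.29" and then wonder whether an earlier patch existed. Resolve the question in the Notes, ideally with the changeset that fixed it, so the retired record does not rest on an assumption. Also, `evn_end/env_start` in the Notes should read `env_end/env_start`.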

Deleted: patch-tracking/CVE-2003-0464
===================================================================
--- patch-tracking/CVE-2003-0464	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0464	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2003-0464
-References: 
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://oval.mitre.org/oval/definitions/data/oval311.html
-Description: 
- The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created,
- which could allow local users to bind to UDP ports that are used by privileged
- services such as nfsd.
-Notes: 
- I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently
- just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket.
- Upstream didn't disable it altogether; just for UDP
-  http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c
- I'm guessing this is a UDP-only problem, so that is probably the fix we want.
- .
- This fix was in before 2.6.0.
-Bugs: 
-upstream: released (2.4.22-pre8)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
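
Review bot: All six woody fields are blank in a record being retired, and the Notes only say the UDP-only upstream change "is probably the fix we want" without saying whether it was ever applied. A blank status cannot be told apart from "not yet triaged", so set each field to released, N/A or ignored with a short reason before archiving. The same applies to the other records in this revision whose woody fields are empty (CVE-2003-0467, CVE-2003-0643, CVE-2003-0699, CVE-2003-0700).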

Deleted: patch-tracking/CVE-2003-0465
===================================================================
--- patch-tracking/CVE-2003-0465	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0465	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,35 +0,0 @@
-Candidate: CVE-2003-0465
-References: 
- CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
- CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
- REDHAT:RHSA-2004:188
- URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
-Description: 
- The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
- the buffer on architectures other than x86, as opposed to the expected
- behavior of strncpy as implemented in libc, which could lead to
- information leaks.
-Notes: 
- 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed.
- .
- horms> N.B. This bug appears to be minor at best
- horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
- .
- dannf> Since this is minor, I'm gonna consider the existing patch "good enough"
- dannf> and mark the 2.4 issues as complete.
- jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5
- jmm> cycle, so I guess it's pretty safe to make all the 2.6 kernels as fixed
- jmm> The ramifications are minor anyway
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-8)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: needed
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
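
Review bot: `2.4.18-woody-security: needed` contradicts both the move to retired/ and dannf's note that the 2.4 issues are to be marked complete. Either change the field to reflect that decision (for example an ignored status citing the "minor" assessment) or keep the record active. `upstream:` is also empty although jmm's note concludes the 2.6 kernels can be treated as fixed; record that conclusion in the field, and note that mips and alpha remain unfixed in 2.4.27-8 as the first Note says.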

Deleted: patch-tracking/CVE-2003-0467
===================================================================
--- patch-tracking/CVE-2003-0467	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0467	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2003-0467
-References: 
- http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2
-Description: 
- Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels
- 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is
- enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote
- attackers to cause a denial of service (crash) in systems using NAT, possibly
- due to an integer signedness error.
-Notes: 
- http://linux.bkbits.net:8080/linux-2.4/cset@3ea42919d7UMn5WVhEYYcN5hnvM6fA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
- .
- Looks like this was fixed before 2.6.0:
-  http://linux.bkbits.net:8080/linux-2.6/cset@3eb76c8aWimEpZAEU5Xbu-LPK-NxeA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
-Bugs: 
-upstream: released (2.4.21-rc1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2003-0476
===================================================================
--- patch-tracking/CVE-2003-0476	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0476	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,38 +0,0 @@
-Candidate: CVE-2003-0476
-References: 
- BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
- MANDRAKE:MDKSA-2003:074
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- REDHAT:RHSA-2003:368
- URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
- REDHAT:RHSA-2003:408
- URL:http://www.redhat.com/support/errata/RHSA-2003-408.html
- SUSE:SuSE-SA:2003:034
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL327
- URL:http://oval.mitre.org/oval/definitions/data/oval327.html
-Description: 
- The execve system call in Linux 2.4.x records the file
- descriptor of the executable process in the file table of the
- calling process, which allows local users to gain read access to
- restricted file descriptors.
-Notes: 
-Bugs: 
-upstream: released (2.4.22-pre4, 2.6.1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0501
===================================================================
--- patch-tracking/CVE-2003-0501	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0501	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2003-0501
-References: 
- BUGTRAQ:20030620 Linux /proc sensitive information disclosure
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- SUSE:SuSE-SA:2003:034
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL328
- URL:http://oval.mitre.org/oval/definitions/data/oval328.html
-Description: 
- The /proc filesystem in Linux allows local users to obtain
- sensitive information by opening various entries in /proc/self
- before executing a setuid program, which causes the program to
- fail to change the ownership and permissions of those entries.
-Notes: 
-Bugs: 
-upstream: released (2.4.22-pre10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0550
===================================================================
--- patch-tracking/CVE-2003-0550	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0550	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,27 +0,0 @@
-Candidate: CVE-2003-0550
-References: 
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL380
- URL:http://oval.mitre.org/oval/definitions/data/oval380.html
-Description: 
- The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient
- security by design, which allows attackers to modify the bridge topology.
-Notes: 
-Bugs: 
-upstream: released (2.4.22-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0551
===================================================================
--- patch-tracking/CVE-2003-0551	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0551	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2003-0551
-References: 
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL384
- URL:http://oval.mitre.org/oval/definitions/data/oval384.html
-Description: 
- The STP protocol implementation in Linux 2.4.x does not properly verify
- certain lengths, which could allow attackers to cause a denial of service.
-Notes: 
-Bugs: 
-upstream: released (2.4.22-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0552
===================================================================
--- patch-tracking/CVE-2003-0552	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0552	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2003-0552
-References: 
- REDHAT:RHSA-2003:198
- URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
- REDHAT:RHSA-2003:238
- URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
- DEBIAN:DSA-358
- URL:http://www.debian.org/security/2004/dsa-358
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- OVAL:OVAL385
- URL:http://oval.mitre.org/oval/definitions/data/oval385.html
-Description: 
- Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table
- via forged packets whose source addresses are the same as the target.
-Notes: 
-Bugs: 
-upstream: released (2.4.22-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0643
===================================================================
--- patch-tracking/CVE-2003-0643	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0643	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2003-0643
-References: 
- http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
- http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
- http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
- http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
- http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch
-Description:
- Integer signedness error in the Linux Socket Filter implementation (filter.c)
- in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of
- service (crash).
-Notes: 
- Fixed before 2.6.0:
-  http://linux.bkbits.net:8080/linux-2.4/cset@3f216072qjoeL8BVUjH-swPkd1CRgA?nav=index.html|src/|src/net|src/net/core|related/net/core/filter.c
-Bugs: 
-upstream: released (2.4.22-pre10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2003-0699
===================================================================
--- patch-tracking/CVE-2003-0699	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0699	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2003-0699
-References: 
- http://www.redhat.com/support/errata/RHSA-2003-198.html
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://oval.mitre.org/oval/definitions/data/oval387.html
-Description: 
- The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user
- function to access userspace, which crosses security boundaries and may
- facilitate the exploitation of vulnerabilities, a different vulnerability than
- CVE-2003-0700.
-Notes: 
- Fixed before 2.6.0.  2.4 patch:
-   http://linux.bkbits.net:8080/linux-2.4/cset@3eb6f77bdzIdwwIbhYPVK6Cu16OhBQ?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
-Bugs: 
-upstream: released (2.4.21-rc2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2003-0700
===================================================================
--- patch-tracking/CVE-2003-0700	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0700	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2003-0700
-References: 
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://www.redhat.com/support/errata/RHSA-2004-044.html
- http://oval.mitre.org/oval/definitions/data/oval401.html
-Description: 
- The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user
- function to access userspace in certain conditions, which crosses security
- boundaries and may facilitate the exploitation of vulnerabilities, a different
- vulnerability than CVE-2003-0699.
-Notes: 
- Fixed before 2.6.0.  2.4 patch:
-   http://linux.bkbits.net:8080/linux-2.4/cset@3f0350ec7Wnpix3ihDCUMMnS-czskg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
-Bugs: 
-upstream: released (2.4.22-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2003-0961
===================================================================
--- patch-tracking/CVE-2003-0961	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0961	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,68 +0,0 @@
-Candidate: CVE-2003-0961
-References: 
- BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2
- MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf
- REDHAT:RHSA-2003:368
- URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
- REDHAT:RHSA-2003:389
- URL:http://www.redhat.com/support/errata/RHSA-2003-389.html
- DEBIAN:DSA-403
- URL:http://www.debian.org/security/2003/dsa-403
- DEBIAN:DSA-417
- URL:http://www.debian.org/security/2004/dsa-417
- DEBIAN:DSA-423
- URL:http://www.debian.org/security/2004/dsa-423
- DEBIAN:DSA-433
- URL:http://www.debian.org/security/2004/dsa-433
- DEBIAN:DSA-439
- URL:http://www.debian.org/security/2004/dsa-439
- DEBIAN:DSA-440
- URL:http://www.debian.org/security/2004/dsa-440
- DEBIAN:DSA-442
- URL:http://www.debian.org/security/2004/dsa-442
- DEBIAN:DSA-450
- URL:http://www.debian.org/security/2004/dsa-450
- DEBIAN:DSA-470
- URL:http://www.debian.org/security/2004/dsa-470
- DEBIAN:DSA-475
- URL:http://www.debian.org/security/2004/dsa-475
- MANDRAKE:MDKSA-2003:110
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:110
- CONECTIVA:CLA-2003:796
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
- SUSE:SuSE-SA:2003:049
- URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
- BUGTRAQ:20031204 Hot fix for do_brk bug
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2
- BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
- CERT-VN:VU#301156
- URL:http://www.kb.cert.org/vuls/id/301156
- SECUNIA:10328
- URL:http://secunia.com/advisories/10328
- SECUNIA:10329
- URL:http://secunia.com/advisories/10329
- SECUNIA:10330
- URL:http://secunia.com/advisories/10330
- SECUNIA:10333
- URL:http://secunia.com/advisories/10333
- SECUNIA:10338
- URL:http://secunia.com/advisories/10338
-Description: 
- Integer overflow in the do_brk function for the brk system call in Linux
- kernel 2.4.22 and earlier allows local users to gain root privileges.
-Notes: 
-Bugs: 
-upstream: released (2.4.23-pre7)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody1)
-2.4.18-woody-security: released (2.4.18-14)
-2.4.17-woody-security: released (2.4.17-1woody2)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.3)
-2.4.17-woody-security-ia64: released (011226.14.1)
-2.4.18-woody-security-hppa: released (62.2)

Deleted: patch-tracking/CVE-2003-0984
===================================================================
--- patch-tracking/CVE-2003-0984	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0984	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,47 +0,0 @@
-Candidate: CVE-2003-0984
-References: 
- SUSE:SuSE-SA:2003:049
- URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
- CONECTIVA:CLA-2004:799
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
- ENGARDE:ESA-20040105-001
- URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
- REDHAT:RHSA-2003:417
- URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
- REDHAT:RHSA-2004:188
- URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
- MANDRAKE:MDKSA-2004:001
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
- BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
- XF:linux-rtc-memory-leak(13943)
- URL:http://xforce.iss.net/xforce/xfdb/13943
- OVAL:OVAL1013
- URL:http://oval.mitre.org/oval/definitions/data/oval1013.html
- OVAL:OVAL859
- URL:http://oval.mitre.org/oval/definitions/data/oval859.html
-Description: 
- Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not
- properly initialize their structures, which could leak kernel data to user
- space.
-Notes: 
- backport from dilinger; though it isn't quite what appears to have gone
- upstream:
-   http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
-  http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
- jmm> This was fixed upstream in 2.4.24-rc1:
- jmm> | <trini:mvista.com>:
- jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users
-Bugs: 
-upstream: released (2.4.24-rc1, 2.6.2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2003-0985
===================================================================
--- patch-tracking/CVE-2003-0985	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-0985	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,55 +0,0 @@
-Candidate: CVE-2003-0985
-References: 
- BUGTRAQ:20040105 Linux kernel mremap vulnerability
- MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
- BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
- BUGTRAQ:20040106 Linux mremap bug correction
- DEBIAN:DSA-423
- DEBIAN:DSA-450
- SUSE:SuSE-SA:2004:001
- SUSE:SuSE-SA:2004:003
- CONECTIVA:CLA-2004:799
- ENGARDE:ESA-20040105-001
- REDHAT:RHSA-2003:416
- REDHAT:RHSA-2003:417
- REDHAT:RHSA-2003:418
- REDHAT:RHSA-2003:419
- DEBIAN:DSA-413
- DEBIAN:DSA-417
- DEBIAN:DSA-427
- DEBIAN:DSA-439
- DEBIAN:DSA-440
- DEBIAN:DSA-442
- DEBIAN:DSA-470
- DEBIAN:DSA-475
- IMMUNIX:IMNX-2004-73-001-01
- MANDRAKE:MDKSA-2004:001
- SGI:20040102-01-U
- TRUSTIX:2004-0001
- BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
- BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
- BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
- XF:linux-domremap-gain-privileges(14135)
- OSVDB:3315
- OVAL:OVAL860
- OVAL:OVAL867
-Description: 
- The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21
- does not properly perform bounds checks, which allows local users to
- cause a denial of service and possibly gain privileges by causing a
- remapping of a virtual memory area (VMA) to create a zero length VMA,
- a different vulnerability than CAN-2004-0077.
-Notes: 
-Bugs: 
-upstream: released (2.4.24-rc1), released (2.6.1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody1)
-2.4.18-woody-security: released (2.4.18-14.1)
-2.4.17-woody-security: released (2.4.17-1woody2)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.3, 62.3)
-2.4.17-woody-security-ia64: released (011226.15)
-2.4.18-woody-security-hppa: released (62.2)
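
Review bot: The Description in this record says the flaw affects 2.4.x "before 2.4.21", but the upstream: line gives the fix as released in 2.4.24-rc1, and Notes: is empty, so nothing explains the difference. Since the woody statuses depend on which upstream version is actually fixed, add a Notes line stating where the fix landed before the file goes to retired/.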

Deleted: patch-tracking/CVE-2003-1040
===================================================================
--- patch-tracking/CVE-2003-1040	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2003-1040	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2003-1040
-References: 
- ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
- http://www.novell.com/linux/security/advisories/2003_049_kernel.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
- http://www.redhat.com/support/errata/RHSA-2004-065.html
- http://www.redhat.com/support/errata/RHSA-2004-069.html
- http://www.redhat.com/support/errata/RHSA-2004-106.html
- http://www.redhat.com/support/errata/RHSA-2004-188.html
- http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c
- http://xforce.iss.net/xforce/xfdb/15577
-Description: 
- kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which
- allows local users to cause a denial of service (crash) by sending certain
- signals to kmod.
-Notes: 
- fixed before 2.6 released
-Bugs: 
-upstream: released (2.4.23)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: needed
-2.4.18-woody-security: needed
-2.4.17-woody-security: needed
-2.4.16-woody-security: needed
-2.4.17-woody-security-hppa: needed
-2.4.17-woody-security-ia64: needed
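
Review bot: Every woody line at the end of this record is still "needed" (2.4.16 through 2.4.19, plus the 2.4.17 hppa and ia64 trees), yet the file is being removed from the active directory. If woody is no longer being tracked, say so in Notes: or change the status accordingly, so the retired copy does not read as an open issue that was dropped. The record also has no 2.4.18-woody-security-hppa line, which the neighbouring records carry.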

Deleted: patch-tracking/CVE-2004-0003
===================================================================
--- patch-tracking/CVE-2004-0003	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0003	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,90 +0,0 @@
-Candidate: CVE-2004-0003
-References: 
- CONFIRM:http://www.linuxcompatible.org/print25630.html
- DEBIAN:DSA-479
- URL:http://www.debian.org/security/2004/dsa-479
- DEBIAN:DSA-480
- URL:http://www.debian.org/security/2004/dsa-480
- DEBIAN:DSA-481
- URL:http://www.debian.org/security/2004/dsa-481
- DEBIAN:DSA-482
- URL:http://www.debian.org/security/2004/dsa-482
- DEBIAN:DSA-489
- URL:http://www.debian.org/security/2004/dsa-489
- DEBIAN:DSA-491
- URL:http://www.debian.org/security/2004/dsa-491
- DEBIAN:DSA-495
- URL:http://www.debian.org/security/2004/dsa-495
- MANDRAKE:MDKSA-2004:029
- URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
- REDHAT:RHSA-2004:044
- URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
- REDHAT:RHSA-2004:065
- URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
- REDHAT:RHSA-2004:106
- URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
- REDHAT:RHSA-2004:166
- URL:http://www.redhat.com/support/errata/RHSA-2004-166.html
- SUSE:SuSE-SA:2004:005
- URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
- TURBO:TLSA-2004-14
- URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
- CIAC:O-082
- URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
- CIAC:O-121
- URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
- CIAC:O-126
- URL:http://www.ciac.org/ciac/bulletins/o-126.shtml
- CIAC:O-127
- URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
- CIAC:O-145
- URL:http://www.ciac.org/ciac/bulletins/o-145.shtml
- BID:9570
- URL:http://www.securityfocus.com/bid/9570
- SECUNIA:10782
- URL:http://secunia.com/advisories/10782
- SECUNIA:10911
- URL:http://secunia.com/advisories/10911
- SECUNIA:10912
- URL:http://secunia.com/advisories/10912
- SECUNIA:11202
- URL:http://secunia.com/advisories/11202
- SECUNIA:11361
- URL:http://secunia.com/advisories/11361
- SECUNIA:11362
- URL:http://secunia.com/advisories/11362
- SECUNIA:11369
- URL:http://secunia.com/advisories/11369
- SECUNIA:11370
- URL:http://secunia.com/advisories/11370
- SECUNIA:11376
- URL:http://secunia.com/advisories/11376
- SECUNIA:11464
- URL:http://secunia.com/advisories/11464
- SECUNIA:11891
- URL:http://secunia.com/advisories/11891
- SECUNIA:12075
- URL:http://secunia.com/advisories/12075
- OVAL:OVAL1017
- URL:http://oval.mitre.org/oval/definitions/data/oval1017.html
- OVAL:OVAL834
- URL:http://oval.mitre.org/oval/definitions/data/oval834.html
- XF:linux-r128-gain-priviliges(15029)
- URL:http://xforce.iss.net/xforce/xfdb/15029 
-Description: 
- Unknown vulnerability in Linux kernel before 2.4.22 allows local users to
- gain privileges, related to "R128 DRI limits checking."
-Notes: 
-Bugs: 
-upstream: released (2.4.26-rc4, 2.6.4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-14.3)
-2.4.17-woody-security: released (2.4.17-1woody3)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.4, 62.3)
-2.4.17-woody-security-ia64: released (011226.17)
-2.4.18-woody-security-hppa: released (62.3)

Deleted: patch-tracking/CVE-2004-0010
===================================================================
--- patch-tracking/CVE-2004-0010	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0010	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,17 +0,0 @@
-Candidate: CVE-2004-0010
-References: 
-Description: 
-Notes: 
-Bugs: 
-upstream: released (2.4.25-pre7), released (2.6.3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-14.3)
-2.4.17-woody-security: released (2.4.17-1woody3)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.4, 62.3)
-2.4.17-woody-security-ia64: released (011226.17)
-2.4.18-woody-security-hppa: released (62.3)
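
Review bot: References:, Description: and Notes: are all empty at the top of this record, so it lists fixed versions for every woody tree without saying what was fixed or where the patch came from. Fill in at least the Description, or a reference to the upstream change behind "2.4.25-pre7" and "2.6.3", before retiring it.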

Deleted: patch-tracking/CVE-2004-0077
===================================================================
--- patch-tracking/CVE-2004-0077	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0077	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,58 +0,0 @@
-Candidate: CVE-2004-0077
-References: 
- BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
- VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
- MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
- CONECTIVA:CLA-2004:820
- DEBIAN:DSA-438
- DEBIAN:DSA-439
- DEBIAN:DSA-440
- DEBIAN:DSA-441
- DEBIAN:DSA-442
- DEBIAN:DSA-444
- DEBIAN:DSA-450
- DEBIAN:DSA-453
- DEBIAN:DSA-454
- DEBIAN:DSA-456
- DEBIAN:DSA-466
- DEBIAN:DSA-470
- DEBIAN:DSA-514
- DEBIAN:DSA-475
- REDHAT:RHSA-2004:065
- REDHAT:RHSA-2004:066
- REDHAT:RHSA-2004:069
- REDHAT:RHSA-2004:106
- SLACKWARE:SSA:2004-049
- SUSE:SuSE-SA:2004:005
- TRUSTIX:2004-0007
- TRUSTIX:2004-0008
- GENTOO:GLSA-200403-02
- CERT-VN:VU#981222
- XF:linux-mremap-gain-privileges(15244)
- BID:9686
- OSVDB:3986
- OVAL:OVAL825
- OVAL:OVAL837 
-Description: 
- The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4
- to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the
- do_munmap function when the maximum number of VMA descriptors is exceeded,
- which allows local users to gain root privileges, a different vulnerability
- than CAN-2003-0985.
-Notes: 
- dannf> we think these are the patches:
-  2.6: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=59287e5eef8d33dcd842852a898b43a81fe0b2c2
-  2.4: http://linux.bkbits.net:8080/linux-2.4/cset@40327d9fxQLz7BU9yAATPsFlWiSG0A?nav=index.html|src/|src/mm|related/mm/mremap.c
-Bugs: 
-upstream: released (2.4.25-rc4, 2.6.3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody1)
-2.4.18-woody-security: released (2.4.18-14.2)
-2.4.17-woody-security: released (2.4.17-1woody2)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.3, 62.3)
-2.4.17-woody-security-ia64: released (011226.16)
-2.4.18-woody-security-hppa: released (62.2)

Deleted: patch-tracking/CVE-2004-0109
===================================================================
--- patch-tracking/CVE-2004-0109	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0109	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,17 +0,0 @@
-Candidate: 
-References: 
-Description: 
-Notes: 
-Bugs: 
-upstream: released (2.4.26-rc4), released (2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A 
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-14.3)
-2.4.17-woody-security: released (2.4.17-1woody3)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.4, 62.3)
-2.4.17-woody-security-ia64: released (011226.17)
-2.4.18-woody-security-hppa: released (62.3)
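
Review bot: The Candidate: field on the first line of this record is blank, as are References:, Description: and Notes:. The identifier survives only in the file name, so anything that reads the Candidate: field will not match this record. Set it to CVE-2004-0109 and add a Description before the move.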

Deleted: patch-tracking/CVE-2004-0133
===================================================================
--- patch-tracking/CVE-2004-0133	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0133	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2004-0133
-References:
- http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
- ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
- http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
- http://www.securityfocus.com/bid/10151
- http://secunia.com/advisories/11362
- http://xforce.iss.net/xforce/xfdb/15901
-Description:
- The XFS file system code in Linux 2.4.x has an information leak in which
- in-memory data is written to the device for the XFS file system, which
- allows local users to obtain sensitive information by reading the raw device.
-Notes: 
- jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25
- dannf> I never did find the actual patch - upstream fixed versions are
- dannf> based on the securityfocus page above.
-Bugs: 
-upstream: released (2.4.26-rc2, 2.6.5) 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2004-0136
===================================================================
--- patch-tracking/CVE-2004-0136	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0136	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,47 +0,0 @@
-Candidate: CVE-2004-0136
-References: 
- REDHAT:RHSA-2004:549
- URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
- SGI:20040601-01-P
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
- XF:irix-mapelf32exec-dos(16416)
- URL:http://xforce.iss.net/xforce/xfdb/16416
- BID:10547
- URL:http://www.securityfocus.com/bid/10547
-Description: 
- The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local
- users to cause a denial of service (system crash) via a "corrupted binary."
-Notes: 
- Strange description, but I think this is actually a Linux issue; note the
- RedHat URLs above.
- dannf> I think I've traced this issue back to a flawed bug report, and that
- dannf> this is really CAN-2004-0138.
-  + mitre references a RedHat advisory for this, RHSA-2004:504-13
-  + RHSA-2004:504-13 does in fact reference CVE-2004-0136
-  + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm
-  + The changelog in the spec file in the above .src.rpm contains the following
-    entry:
-    * Tue Nov 16 2004 Jim Paradis <jparadis at redhat.com>
-    - Fixes for security holes in binfmt_elf loader (Dave Anderson,
-      Jim Paradis), bugs 127916, 134876
-  + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references
-    CVE-2004-0136, but the patches it links to are the fixes for
-    CVE-2004-0138
- jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling
- jmm> over the entries from it
- jmm> I've verified that the fix from
- jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg
- jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A
-Bugs: 
-upstream: released (2.4.25-rc1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
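
Review bot: The Notes cite RHSA-2004:504-13 as the Red Hat advisory that mitre references for this candidate, but the References: block lists only RHSA-2004:549. Either add the 504 advisory to References or correct the note. The Notes also hold two different readings of the 0136/0138 mix-up (dannf: "this is really CAN-2004-0138"; jmm: Red Hat "accidentally used CVE-2004-0138 for this"); a closing line stating which one the statuses below rely on would help whoever reads the retired copy.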

Deleted: patch-tracking/CVE-2004-0138
===================================================================
--- patch-tracking/CVE-2004-0138	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0138	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2004-0138
-References: 
-Description: 
-Notes: 
- Still marked **RESERVED**
- dannf> However, it was already fixed in woody, whose changelog says:
-  * Applied patch by Chris Wright to denial of service in the ELF loader
-    when the interpreter architecture doesn't match the current one
-    <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
-    [fs/binfmt_elf.c, CAN-2004-0138]
- jmm> This was a previous Red Hat internal name for CVE-2004-0136, so
- jmm> Red hat advisories, which fix this are in fact for CVE-2004-0136
-Bugs: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
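
Review bot: The Notes say this was "already fixed in woody" by the Chris Wright binfmt_elf patch, but every woody line below is N/A and the record has no upstream: line at all. The same bkbits changeset (cset 4021346f79nBb-4X_usRikR3Iyb4Vg) is tracked with released versions under CVE-2004-0136, so add an explicit "tracked under CVE-2004-0136" note here; as written, N/A reads as "not affected" rather than "recorded elsewhere".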

Deleted: patch-tracking/CVE-2004-0177
===================================================================
--- patch-tracking/CVE-2004-0177	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0177	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-0177
-References: 
-Description: 
-Notes: 
- jmm> This is resolved by the following patch by tytso:
- jmm>--- kernel-source-2.4.18-2.4.18.orig/fs/jbd/journal.c
- jmm>+++ kernel-source-2.4.18-2.4.18/fs/jbd/journal.c
- jmm>@@ -671,6 +671,7 @@
- jmm>
- jmm>        bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
- jmm>        lock_buffer(bh);
- jmm>+       memset(bh->b_data, 0, journal->j_blocksize);
- jmm>        BUFFER_TRACE(bh, "return this buffer");
- jmm>        return journal_add_journal_head(bh);
- jmm> }
- jmm> This fix is present in 2.4.27 and 2.6.8, so marking them and l-2.6 N/A
-Bugs: 
-upstream: released (2.4.26-pre4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-14.3)
-2.4.17-woody-security: released (2.4.17-1woody3)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.4, 62.3)
-2.4.17-woody-security-ia64: released (011226.17)
-2.4.18-woody-security-hppa: released (62.3)

Deleted: patch-tracking/CVE-2004-0178
===================================================================
--- patch-tracking/CVE-2004-0178	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0178	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,41 +0,0 @@
-Candidate: CVE-2004-0178
-References: 
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-437.html
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.ciac.org/ciac/bulletins/o-193.shtml
- http://www.securityfocus.com/bid/9985
- http://xforce.iss.net/xforce/xfdb/15868
-Description: 
- The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x
- before 2.4.26, when operating in 16 bit mode, does not properly
- handle certain sample sizes, which allows local users to cause a
- denial of service (crash) via a sample with an odd number of bytes.
-Notes: 
- jmm> I've verified that above patch is included in 2.6.8
-Bugs: 
-upstream: released (2.4.26-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody2)
-2.4.18-woody-security: released (2.4.18-14.3)
-2.4.17-woody-security: released (2.4.17-1woody3)
-2.4.16-woody-security: released (2.4.16-1woody2)
-2.4.17-woody-security-hppa: released (32.4, 62.3)
-2.4.17-woody-security-ia64: released (011226.17)
-2.4.18-woody-security-hppa: released (62.3)

Deleted: patch-tracking/CVE-2004-0181
===================================================================
--- patch-tracking/CVE-2004-0181	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0181	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-0181
-References: 
- http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
- http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
- http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
- http://www.securityfocus.com/bid/10143
- http://xforce.iss.net/xforce/xfdb/15902
-Description: 
- The JFS file system code in Linux 2.4.x has an information leak in which
- in-memory data is written to the device for the JFS file system, which allows
- local users to obtain sensitive information by reading the raw device.
-Notes: 
- jmm> JFS was merged into the 2.4 kernel in 2.4.20-pre4 and into 2.6 at 2.6.5-rc2,
- jmm> so I'm marking all versions N/A
-Bugs: 
-upstream: released (2.4.26-pre5), released (2.6.5-rc2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
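
Review bot: The jmm note justifies "all versions N/A" by the JFS merge points (2.4.20-pre4 and 2.6.5-rc2), which explains the woody trees (2.4.16 to 2.4.19 predate the merge) but not 2.4.27-sarge-security or 2.6.8-sarge-security, both of which include JFS. Those two are presumably N/A because they are later than the upstream: fix versions (2.4.26-pre5, 2.6.5-rc2); the note should say that. The 2.4.18-woody-security-hppa line is also missing from this record.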

Deleted: patch-tracking/CVE-2004-0228
===================================================================
--- patch-tracking/CVE-2004-0228	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0228	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2004-0228
-References: 
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
- http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
- http://www.novell.com/linux/security/advisories/2004_10_kernel.html
- http://secunia.com/advisories/11429
- http://secunia.com/advisories/11464
- http://secunia.com/advisories/11486
- http://secunia.com/advisories/11491
- http://secunia.com/advisories/11683
- http://xforce.iss.net/xforce/xfdb/15951
-Description: 
- Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in 
- Linux kernel 2.6 allows local users to gain privileges.
-Notes: 
- jmm> 2.4 does not have cpufreq
- jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c
- jmm> I've verified that the isolated patch from 
- jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch
- jmm> is included in 2.6.8
-Bugs: 
-upstream:
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A 
-2.4.17-woody-security-ia64: N/A
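
Review bot: The upstream: field is left blank even though the Notes state that the isolated patch is included in 2.6.8. Record the upstream status (or "unknown, present in 2.6.8") so the N/A on 2.6.8-sarge-security has a stated basis in the status block itself. The 2.4.18-woody-security-hppa line is also missing from this record.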

Deleted: patch-tracking/CVE-2004-0229
===================================================================
--- patch-tracking/CVE-2004-0229	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0229	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,17 +0,0 @@
-Candidate: CVE-2004-0229
-References: 
-Description: 
-Notes: 
- jmm> 2.4 is not affected by this problem.
-Bugs: 
-upstream: released (2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2004-0394
===================================================================
--- patch-tracking/CVE-2004-0394	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0394	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,40 +0,0 @@
-Candidate: CVE-2004-0394
-References: 
- CONECTIVA:CLA-2004:846
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- GENTOO:GLSA-200407-02
- URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
- MANDRAKE:MDKSA-2004:037
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
- MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)
- URL:http://lwn.net/Articles/81773/
- ENGARDE:ESA-20040428-004
- URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
- SGI:20040504-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
- SGI:20040505-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
- SUSE:SuSE-SA:2004:010
- URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
- XF:linux-panic-bo(15953)
- URL:http://xforce.iss.net/xforce/xfdb/15953
-Description: 
- A "potential" buffer overflow exists in the panic() function in Linux 2.4.x,
- although it may not be exploitable due to the functionality of panic.
-Notes: 
- jmm> I've verified 2.6.8 to contain the correct vsnprintf() call
- jmm> For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it
- jmm> needed, although I guess it's not exploitable
-Bugs: 
-upstream: released (2.4.28-pre1)
-linux-2.6.16: 
-linux-2.6: N/A 
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-1)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
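
Review bot: The Notes and the status block disagree on 2.4. The jmm note says the issue is "fixed in 2.4.32, but unfixed in 2.4.27" and that it is being marked "needed", while upstream: says released (2.4.28-pre1) and 2.4.27-sarge-security: says released (2.4.27-1). Update the note to match the final status, or add a line saying when the sarge fix went in and which upstream version is correct.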

Deleted: patch-tracking/CVE-2004-0415
===================================================================
--- patch-tracking/CVE-2004-0415	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0415	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,43 +0,0 @@
-Candidate: CVE-2004-0415
-References: 
- CONECTIVA:CLA-2004:879
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879
- GENTOO:GLSA-200408-24
- URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- MANDRAKE:MDKSA-2004:087
- URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087
- REDHAT:RHSA-2004:413
- URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
- REDHAT:RHSA-2004:418
- URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
- SGI:20040804-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- XF:linux-pointer-info-disclosure(16877)
- URL:http://xforce.iss.net/xforce/xfdb/16877
-Description: 
- Linux kernel does not properly convert 64-bit file offset pointers to 32 bits,
- which allows local users to access portions of kernel memory.
-Notes: 
- dannf> Based on the 2.4.27 changelog, I think this is the 2.4 fix:
-  http://linux.bkbits.net:8080/linux-2.4/cset@411064f7uz3rKDb73dEb4vCqbjEIdw?nav=index.html|src/|src/drivers|src/drivers/char|related/drivers/char/i8k.c
-    and
-  http://linux.bkbits.net:8080/linux-2.4/cset@41113629fBqsXgKVAey-EzhZOkS2Lw?nav=index.html|src/|src/net|src/net/atm|related/net/atm/br2684.c
- Which doesn't look like it ever made 2.6.
- .
- dannf> I've asked Al Viro & Marcelo for more info
- dannf> Marcelo says:
-   2.6 avoids the file offset race by having a copy of it at the high
-   level VFS functions, its safe.
-Bugs: 
-upstream: released (2.4.27-rc5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
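
Review bot: All seven woody lines at the end of this record have no status at all, neither "needed", "released" nor "N/A", and the file is being retired anyway. The Notes only settle 2.6 (Marcelo's reply) and identify the 2.4.27 fix; nothing says whether the woody kernels are affected. Give each woody line an explicit status, or add a note saying why they were left undetermined.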

Deleted: patch-tracking/CVE-2004-0427
===================================================================
--- patch-tracking/CVE-2004-0427	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0427	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,71 +0,0 @@
-Candidate: CVE-2004-0427
-References: 
- MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
- CONECTIVA:CLA-2004:846
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- ENGARDE:ESA-20040428-004
- FEDORA:FEDORA-2004-111
- URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
- GENTOO:GLSA-200407-02
- URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
- MANDRAKE:MDKSA-2004:037
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
- REDHAT:RHSA-2004:255
- URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
- REDHAT:RHSA-2004:260
- URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
- REDHAT:RHSA-2004:327
- URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
- SGI:20040504-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
- SGI:20040505-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
- SUSE:SuSE-SA:2004:010
- URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
- TURBO:TLSA-2004-14
- URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
- MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
- MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
- CIAC:O-164
- URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
- BID:10221
- URL:http://www.securityfocus.com/bid/10221
- SECUNIA:11429
- URL:http://secunia.com/advisories/11429
- SECUNIA:11464
- URL:http://secunia.com/advisories/11464
- SECUNIA:11486
- URL:http://secunia.com/advisories/11486
- SECUNIA:11541
- URL:http://secunia.com/advisories/11541
- SECUNIA:11861
- URL:http://secunia.com/advisories/11861
- SECUNIA:11891
- URL:http://secunia.com/advisories/11891
- SECUNIA:11892
- URL:http://secunia.com/advisories/11892
- OVAL:OVAL2819
- URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
- XF:linux-dofork-memory-leak(16002)
- URL:http://xforce.iss.net/xforce/xfdb/16002 
-Description: 
- The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
- does not properly decrement the mm_count counter when an error occurs after
- the mm_struct for a child process has been activated, which triggers a memory
- leak that allows local users to cause a denial of service (memory exhaustion)
- via the clone (CLONE_VM) system call.
-Notes: 
-Bugs: 
-upstream: released (2.4.26, 2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-0447
===================================================================
--- patch-tracking/CVE-2004-0447	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0447	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,38 +0,0 @@
-Candidate: CVE-2004-0447
-References: 
- MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
- URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- GENTOO:GLSA-200407-16
- URL:http://security.gentoo.org/glsa/glsa-200407-16.xml
- REDHAT:RHSA-2004:413
- URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
- SGI:20040804-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- CIAC:O-193
- URL:http://www.ciac.org/ciac/bulletins/o-193.shtml
- BID:10783
- URL:http://www.securityfocus.com/bid/10783
- XF:linux-ia64-dos(16661)
- URL:http://xforce.iss.net/xforce/xfdb/16661
-Description: 
- Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to
- cause a denial of service, with unknown impact. NOTE: due to a typo, this
- issue was accidentally assigned CVE-2004-0477. This is the proper candidate to
- use for the Linux local DoS.
-Notes: 
- jmm> I've verified that the patch from David Mosberger available at
- jmm> http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2
- jmm> is included in stock 2.4.27 and 2.6.8, so it's N/A.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A 
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
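
Review bot: The upstream: field is blank although the record has enough to fill it: the Description says "before 2.4.26" and the jmm note confirms the David Mosberger patch is in stock 2.4.27 and 2.6.8. Record the upstream fixed version there. The note's "so it's N/A" also reads as if it covers the whole record, while the woody lines are marked released; say that it applies to the sarge and 2.6 lines only.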

Deleted: patch-tracking/CVE-2004-0491
===================================================================
--- patch-tracking/CVE-2004-0491	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0491	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-0491
-References: 
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
- MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2
- OVAL:OVAL1117
- URL:http://oval.mitre.org/oval/definitions/data/oval1117.html
-Description: 
- The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly
- maintain the mlock page count when one process unlocks pages that belong to
- another process, which allows local users to mlock more memory than specified
- by the rlimit.
-Notes: 
- dannf> It doesn't look like the code in linux-2.4.21-mlock.patch was ever
- dannf> accepted upstream in 2.4 or 2.6, so it doesn't apply to us.
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2004-0495
===================================================================
--- patch-tracking/CVE-2004-0495	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0495	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,49 +0,0 @@
-Candidate: CVE-2004-0495
-References: 
- CONECTIVA:CLA-2004:845
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
- CONECTIVA:CLA-2004:846
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
- FEDORA:FEDORA-2004-186
- URL:http://lwn.net/Articles/91155/
- GENTOO:GLSA-200407-02
- URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
- MANDRAKE:MDKSA-2004:066
- URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
- REDHAT:RHSA-2004:255
- URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
- REDHAT:RHSA-2004:260
- URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
- SUSE:SUSE-SA:2004:020
- URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- OVAL:OVAL2961
- URL:http://oval.mitre.org/oval/definitions/data/oval2961.html
- XF:linux-drivers-gain-privileges(16449)
- URL:http://xforce.iss.net/xforce/xfdb/16449
- BID:10566
- URL:http://www.securityfocus.com/bid/10566
-Description: 
- Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users
- to gain privileges or access kernel memory, as found by the Sparse source code
- checking tool.
-Notes: 
- dannf> 2.4 patches:
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d972a19cY-Al1qQickpmg8z_gxmg?nav=index.html|src/|src/net|src/net/decnet|related/net/decnet/dn_dev.c
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d97303iUWCFF5wizAKNT5CC5ctJg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/mpu401.c
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d973835aLERLaEv4dP6Hjw31Nn5A?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/msnd.h
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d973d9FCCgP1ZDVGknBTDKgDXw6w?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/pss.c
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d9743al24lCKKm8wbRs-S_2CgWTA?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wireless|related/drivers/net/wireless/airo.c
-   http://linux.bkbits.net:8080/linux-2.4/cset@40d975a2Ttlhd2amhkcgbfzndDMUZA?nav=index.html|src/|src/drivers|src/drivers/acpi|related/drivers/acpi/asus_acpi.c
-Bugs: 
-upstream: released (2.4.27-rc2, 2.6.7)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
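Review bot: All seven woody status lines are empty, although the description covers Linux kernel 2.4 and the upstream fix is recorded as 2.4.27-rc2, which is later than every woody kernel listed (2.4.16 through 2.4.19). Retiring the record this way leaves no trace of whether woody was fixed, found unaffected, or deliberately left alone. Set each line to an explicit status, or add a Notes line explaining why they stay blank.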

Deleted: patch-tracking/CVE-2004-0496
===================================================================
--- patch-tracking/CVE-2004-0496	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0496	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,27 +0,0 @@
-Candidate: CVE-2004-0496
-References: 
- http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- http://xforce.iss.net/xforce/xfdb/16625
-Description: 
- Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain
- privileges or access kernel memory, a different set of vulnerabilities than
- those identified in CVE-2004-0495, as found by the Sparse source code checking
- tool. 
-Notes: 
- dannf> I wasn't able to find the patches for this, but the description and
- dannf> vendor advisories only note 2.6, so I'm assuming these are 2.6-only.
- dannf> The description says this affects < 2.6.7.  2.6.7 contains a bunch
- dannf> of sparse fixes in the changelog, so I'll label upstream 
- dannf> as fixed in 2.6.7.
-Bugs: 
-upstream: released (2.6.7)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
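Review bot: The status block stops at "2.4.17-woody-security-ia64: N/A" and has no "2.4.18-woody-security-hppa:" line, which most other records in this commit carry. Add the missing line with its status before the file goes to retired/, so scripts or readers that expect the full set of trees do not read the absence as "unknown". The Notes also say the 2.6.7 fix version is an assumption, which is worth keeping visible next to "upstream: released (2.6.7)".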

Deleted: patch-tracking/CVE-2004-0497
===================================================================
--- patch-tracking/CVE-2004-0497	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0497	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2004-0497
-References: 
- CONECTIVA:CLA-2004:852
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
- MANDRAKE:MDKSA-2004:066
- URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
- REDHAT:RHSA-2004:354
- URL:http://www.redhat.com/support/errata/RHSA-2004-354.html
- REDHAT:RHSA-2004:360
- URL:http://www.redhat.com/support/errata/RHSA-2004-360.html
- SUSE:SUSE-SA:2004:020
- URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- XF:linux-fchown-groupid-modify(16599)
- URL:http://xforce.iss.net/xforce/xfdb/16599
-Description: 
- Unknown vulnerability in Linux kernel 2.x may allow local users to modify the
- group ID of files, such as NFS exported files in kernel 2.4.
-Notes: 
- Changelog shows fixed in 2.4.26-3
- 2.6 patch:
-   http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ?nav=index.html|src/|src/fs|related/fs/attr.c
-Bugs: 
-upstream: released (2.4.27, 2.6.8)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
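Review bot: The Notes line "Changelog shows fixed in 2.4.26-3" is unattributed and does not say which package's changelog it refers to, while the status block records "2.4.27-sarge-security: released (2.4.27-1)" with no patch name in brackets. State which changelog and which patch carried the fix. The description names kernel 2.4 explicitly, yet all woody lines are blank, so those need a status or an explanation as well.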

Deleted: patch-tracking/CVE-2004-0535
===================================================================
--- patch-tracking/CVE-2004-0535	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0535	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,45 +0,0 @@
-Candidate: CVE-2004-0535
-References: 
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
- CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
- CONECTIVA:CLA-2004:845
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
- FEDORA:FEDORA-2004-186
- URL:http://lwn.net/Articles/91155/
- GENTOO:GLSA-200407-02
- URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
- MANDRAKE:MDKSA-2004:062
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
- REDHAT:RHSA-2004:413
- URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
- REDHAT:RHSA-2004:418
- URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
- SGI:20040804-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- SUSE:SUSE-SA:2004:020
- URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- XF:linux-e1000-bo(16159)
- URL:http://xforce.iss.net/xforce/xfdb/16159
- BID:10352
- URL:http://www.securityfocus.com/bid/10352
-Description: 
- The e1000 driver for Linux kernel 2.4.26 and earlier does not properly
- initialize memory before using it, which allows local users to read portions
- of kernel memory. NOTE: this issue was originally incorrectly reported as a
- "buffer overflow" by some sources.
-Notes: 
- Patch:
-   http://linux.bkbits.net:8080/linux-2.6/cset@4084025a6AP3ORKQ7iaTFCmOGvTJXw?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/e1000|related/drivers/net/e1000/e1000_ethtool.c
-Bugs: 
-upstream: released (2.4.27, 2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: needed
-2.4.18-woody-security-hppa: N/A
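Review bot: "2.4.17-woody-security-ia64: needed" is still open in the status block, so this record is being retired with an outstanding fix for one tree while every other woody tree is marked N/A. Either resolve that line (released with a version, or N/A with the reason in Notes) or keep the file out of retired/ until it is settled.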

Deleted: patch-tracking/CVE-2004-0554
===================================================================
--- patch-tracking/CVE-2004-0554	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0554	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,55 +0,0 @@
-Candidate: CVE-2004-0554
-References: 
- MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
- MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
- MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2
- CONECTIVA:CLA-2004:845
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
- ENGARDE:ESA-20040621-005
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2
- FEDORA:FEDORA-2004-186
- URL:http://lwn.net/Articles/91155/
- GENTOO:GLSA-200407-02
- URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
- MANDRAKE:MDKSA-2004:062
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
- REDHAT:RHSA-2004:255
- URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
- REDHAT:RHSA-2004:260
- URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
- SUSE:SuSE-SA:2004:017
- URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html
- TRUSTIX:2004-0034
- URL:http://www.trustix.net/errata/2004/0034/
- BUGTRAQ:20040620 TSSA-2004-011 - kernel
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2
- CERT-VN:VU#973654
- URL:http://www.kb.cert.org/vuls/id/973654
- OVAL:OVAL2915
- URL:http://oval.mitre.org/oval/definitions/data/oval2915.html
- XF:linux-dos(16412)
- URL:http://xforce.iss.net/xforce/xfdb/16412
- BID:10566
- URL:http://www.securityfocus.com/bid/10566
-Description: 
- Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of
- service (system crash), possibly via an infinite loop that triggers a signal
- handler with a certain sequence of fsave and frstor instructions, as
- originally demonstrated using a "crash.c" program.
-Notes: 
- jmm> I don't know at which version this was merged, but I've verified that
- jmm> the stock 2.4.27 and 2.6.8 contain the fix
-Bugs: 261521
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-0565
===================================================================
--- patch-tracking/CVE-2004-0565	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0565	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2004-0565
-References: 
- MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
- MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
- URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
- MANDRAKE:MDKSA-2004:066
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066
- XF:linux-ia64-info-disclosure(16644)
- URL:http://xforce.iss.net/xforce/xfdb/16644
-Description: 
- Floating point information leak in the context switch code for Linux 2.4.x
- only checks the MFH bit but does not verify the FPH owner, which allows local
- users to read register values of other processes by setting the MFH bit.
-Notes: 
- jmm> I've verified that the check for FPH ownership is included in stock 2.6.8:
- jmm> # define switch_to(prev,next,last) do {                                         \
- jmm>         if (ia64_psr(ia64_task_regs(prev))->mfh && ia64_is_local_fpu_owner(prev)) {
- jmm> So it's N/A, but I don't know at which time it was fixed upstream
-Bugs: 
-upstream: released (2.4.27)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
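Review bot: The Notes and the status block disagree: jmm writes "I don't know at which time it was fixed upstream", while "upstream: released (2.4.27)" records a specific version. The switch_to() check quoted as verification is from stock 2.6.8, although the description is about Linux 2.4.x. Add a line saying what the 2.4.27 value is based on, so the retired record does not rest on a 2.6 check for a 2.4 claim.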

Deleted: patch-tracking/CVE-2004-0587
===================================================================
--- patch-tracking/CVE-2004-0587	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0587	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,42 +0,0 @@
-Candidate: CVE-2004-0587
-References: 
- FEDORA:FEDORA-2004-186
- URL:http://lwn.net/Articles/91155/
- MANDRAKE:MDKSA-2004:066
- URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
- REDHAT:RHSA-2004:413
- URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
- REDHAT:RHSA-2004:418
- URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
- SGI:20040804-01-U
- URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- SUSE:SuSE-SA:2004:010
- URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
- BID:10279
- URL:http://www.securityfocus.com/bid/10279
- SECTRACK:1010057
- URL:http://securitytracker.com/id?1010057
- XF:suse-hbaapinode-dos(16062)
- URL:http://xforce.iss.net/xforce/xfdb/16062
-Description: 
- Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
- allows local users to cause a denial of service.
-Notes: 
- 2.4.26-3 has the note:
-  CVE-2004-0587 code is not present, not vulnerable
- So the question is, did the code get added when we moved to 2.4.27, and
- was it still vulnerable?
- dannf> Nope; qla2xxx isn't in 2.4.27
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: needed
-2.4.18-woody-security-hppa: N/A
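Review bot: "2.4.17-woody-security-ia64: needed" conflicts with the Notes, which say the code is not present in 2.4.26-3 and that qla2xxx isn't in 2.4.27, and with the N/A given to every other tree. Confirm whether the woody ia64 tree actually contains the qla2300 /proc file; if it does not, change the line to N/A, and if it does, the record should not be retired while a fix is still needed.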

Deleted: patch-tracking/CVE-2004-0596
===================================================================
--- patch-tracking/CVE-2004-0596	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0596	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2004-0596
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg
- XF:linux-eql-dos(16694)
- URL:http://xforce.iss.net/xforce/xfdb/16694
- BID:10730
- URL:http://www.securityfocus.com/bid/10730
-Description: 
- The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux
- kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a
- non-existent device name that triggers a null dereference.
-Notes: 
-Bugs: 
-upstream: released (2.4.27-rc2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
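Review bot: "upstream: released (2.4.27-rc2)" names only a 2.4 release, while the description limits the bug to kernel 2.6.x up to 2.6.7 and the CONFIRM reference is a linux-2.6 changeset. Record the 2.6 release that carries the fix alongside it. Notes is empty, so there is also nothing to explain why the seven woody lines are left blank when a 2.4 fix version is listed.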

Deleted: patch-tracking/CVE-2004-0619
===================================================================
--- patch-tracking/CVE-2004-0619	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0619	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-0619
-References: 
- http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2
- http://www.redhat.com/support/errata/RHSA-2004-549.html
- http://www.redhat.com/support/errata/RHSA-2005-283.html
- http://www.ciac.org/ciac/bulletins/p-047.shtml
- http://www.securityfocus.com/bid/10599
- http://secunia.com/advisories/11936
- http://xforce.iss.net/xforce/xfdb/16459
-Description: 
- Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820
- cryptonet driver allows local users to cause a denial of service (crash)
- and possibly execute arbitrary code via a negative add_dsa_buf_bytes
- variable, which leads to a buffer overflow.
-Notes: 
- jmm> I've checked 2.6.8, 2.4.27 and 2.6.14, this is not included in the
- jmm> stock kernel, only in Red Hat's. I'm marking Woody N/A as well.
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
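Review bot: jmm's note says "I'm marking Woody N/A as well", but the status block ends at "2.4.17-woody-security-ia64: N/A" and has no "2.4.18-woody-security-hppa:" line, so one woody tree is not marked at all. Add that line as N/A to match the note before retiring the record.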

Deleted: patch-tracking/CVE-2004-0626
===================================================================
--- patch-tracking/CVE-2004-0626	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0626	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-0626
-References: 
- http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
- http://lwn.net/Articles/91964/
- http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml
- http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- http://xforce.iss.net/xforce/xfdb/16554
-Description: 
- The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6,
- when using iptables and TCP options rules, allows remote attackers to cause a
- denial of service (CPU consumption by infinite loop) via a large option length
- that produces a negative integer after a casting operation to the char type.
-Notes:
- jmm> The bug was introduced during a rewrite of the code that accesses the skb's
- jmm> during earlier 2.6 kernels. 2.4 has the correct u_int8_t declaration.
-Bugs: 
-upstream: released (2.6.8)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
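Review bot: The References block is a list of bare URLs without the SOURCE:ID tags (BUGTRAQ:, GENTOO:, XF: and so on) used by the other records, which makes the advisories harder to match by identifier once the file is archived. Normalising the list to the tagged form would help. The status block is also missing the "2.4.18-woody-security-hppa:" line.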

Deleted: patch-tracking/CVE-2004-0685
===================================================================
--- patch-tracking/CVE-2004-0685	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0685	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2004-0685
-References: 
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- GENTOO:GLSA-200408-24
- URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- TRUSTIX:2004-0041
- URL:http://www.trustix.net/errata/2004/0041/
- CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
- CERT-VN:VU#981134
- URL:http://www.kb.cert.org/vuls/id/981134
- BID:10892
- URL:http://www.securityfocus.com/bid/10892
- XF:linux-usb-gain-privileges(16931)
- URL:http://xforce.iss.net/xforce/xfdb/16931
- MISC:http://www.securityspace.com/smysecure/catid.html?id=14580
-Description: 
- Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on
- uninitialized structures, which could allow local users to obtain sensitive
- information by reading memory that was not cleared from previous usage.
-Notes: 
- jmm> This was commited into the 2.5/2.6 version before in this changeset:
- jmm> http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
- jmm> So I'm marking all 2.6 versions N/A 
-Bugs: 
-upstream: released (2.4.27)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-0790
===================================================================
--- patch-tracking/CVE-2004-0790	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0790	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,45 +0,0 @@
-Candidate: CVE-2004-0790
-References: 
- MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
- MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
- MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
- HP:HPSBTU01210
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
- HP:SSRT4743
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
- HP:SSRT4884
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
- MS:MS05-019
- URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
- SUNALERT:57746
- URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
- OVAL:OVAL3458
- URL:http://oval.mitre.org/oval/definitions/data/oval3458.html
- OVAL:OVAL1910
- URL:http://oval.mitre.org/oval/definitions/data/oval1910.html
- OVAL:OVAL4804
- URL:http://oval.mitre.org/oval/definitions/data/oval4804.html
-Description: 
- Multiple TCP/IP and ICMP implementations allow remote attackers to cause a
- denial of service (reset TCP connections) via spoofed ICMP error messages, aka
- the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and
- CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065,
- CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that
- are SPLIT based on the underlying vulnerability. While CVE normally SPLITs
- based on vulnerability, the attack-based identifiers exist due to the variety
- and number of affected implementations and solutions that address the attacks
- instead of the underlying vulnerabilities.
-Notes: 
-Bugs: 305655 305664
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch]
-2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
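Review bot: "upstream:" and "linux-2.6:" are both empty and Notes is blank, so the retired record documents only the two sarge backports (net-ipv4-icmp-quench) and says nothing about whether mainline carries a fix. Other records here use "linux-2.6: N/A" once the fix is upstream; an empty value reads as undetermined. Fill both fields, or note why they are left open, and give the woody lines a status.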

Deleted: patch-tracking/CVE-2004-0812
===================================================================
--- patch-tracking/CVE-2004-0812	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0812	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2004-0812
-References: 
- REDHAT:RHSA-2004:549
- URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ
- CIAC:P-047
- URL:http://www.ciac.org/ciac/bulletins/p-047.shtml
- BID:11794
- URL:http://www.securityfocus.com/bid/11794
- SECUNIA:13359
- URL:http://secunia.com/advisories/13359
- XF:linux-tss-gain-privilege(18346)
- URL:http://xforce.iss.net/xforce/xfdb/18346
-Description: 
- Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and
- Intel EM64T architectures, associated with "setting up TSS limits," allows
- local users to cause a denial of service (crash) and possibly execute
- arbitrary code.
-Notes: 
- jmm> I've verified that above bkbits fixed is included in 2.6.8, so I'm
- jmm> marking 2.6 N/A
- jmm> The vulnerable code doesn't seem to be present in 2.4.27. Plus, 2.4
- jmm> is unsupported for amd64 anyway, so I'm marking it N/A as well for
- jmm> the 2.4 kernels
-Bugs: 
-upstream: released (2.6.0-test10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2004-0814
===================================================================
--- patch-tracking/CVE-2004-0814	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0814	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,39 +0,0 @@
-Candidate: CVE-2004-0814
-References: 
- BUGTRAQ:20041020 CVE-2004-0814: Linux terminal layer races
- URL:http://www.securityfocus.com/archive/1/379005
- CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
- CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- BID:11491
- URL:http://www.securityfocus.com/bid/11491
- BID:11492
- URL:http://www.securityfocus.com/bid/11492
- XF:linux-tiocsetd-race-condition(17816)
- URL:http://xforce.iss.net/xforce/xfdb/17816
-Description: 
- Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x
- before 2.6.9, allow (1) local users to obtain portions of kernel data via a
- TIOCSETD ioctl call to a terminal interface that is being accessed by another
- thread, or (2) remote attackers to cause a denial of service (panic) by
- switching from console to PPP line discipline, then quickly sending data that
- is received during the switch.
-Notes: 
-Bugs: 
-upstream: released (2.6.9)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch]
-2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
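Review bot: The 2.4.27 patch list mixes naming schemes and has two entries ending in -3: "093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff". The last name uses a hyphen after the number where the others use an underscore, and it shares its suffix with the 115_ entry, which suggests a typo or a duplicate. Check the names against the package's patch directory before archiving. The description also covers Linux 2.4.x, but the woody lines are blank.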

Deleted: patch-tracking/CVE-2004-0816
===================================================================
--- patch-tracking/CVE-2004-0816	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0816	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,36 +0,0 @@
-Candidate: CVE-2004-0816
-References: 
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- SUSE:SUSE-SA:2004:037
- URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html
- BID:11488
- URL:http://www.securityfocus.com/bid/11488
- SECUNIA:11202
- URL:http://secunia.com/advisories/11202/
- XF:linux-ip-packet-dos(17800)
- URL:http://xforce.iss.net/xforce/xfdb/17800
-Description: 
- Integer underflow in the firewall logging rules for iptables in Linux before
- 2.6.8 allows remote attackers to cause a denial of service (application crash)
- via a malformed IP packet.
-Notes:
- jmm> Quoting from http://groups.google.com/group/nz.comp/msg/71ec927b491f247d: 
- jmm>   The bug, discovered by Richard Hart, does not affect the 2.4 series kernel
- jmm> Quoting from http://www.novell.com/linux/security/advisories/2004_37_kernel.html:
- jmm>   This problem has already been fixed in the 2.6.8 upstream Linux kernel,
- jmm>   this update contains a backport of the fix.
- jmm> So I'm marking all kernels N/A
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
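Review bot: "upstream:" is empty even though jmm's note quotes the SUSE advisory saying the problem "has already been fixed in the 2.6.8 upstream Linux kernel" and the description says "before 2.6.8". Record the upstream fix version in the status block so the N/A markings below it are justified by the record itself rather than only by the quoted text.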

Deleted: patch-tracking/CVE-2004-0883
===================================================================
--- patch-tracking/CVE-2004-0883	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0883	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,49 +0,0 @@
-Candidate: CVE-2004-0883
-References: 
- BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
- MISC:http://security.e-matters.de/advisories/142004.html
- BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:537
- URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
- CERT-VN:VU#726198
- URL:http://www.kb.cert.org/vuls/id/726198
- SECUNIA:13232
- URL:http://secunia.com/advisories/13232/
- BID:11695
- URL:http://www.securityfocus.com/bid/11695
- XF:linux-smbprocreadxdata-dos(18135)
- URL:http://xforce.iss.net/xforce/xfdb/18135
- XF:linux-smb-response-dos(18134)
- URL:http://xforce.iss.net/xforce/xfdb/18134
- XF:linux-smbreceivetrans2-dos(18136)
- URL:http://xforce.iss.net/xforce/xfdb/18136
-Description: 
- Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4
- and 2.6 allow remote samba servers to cause a denial of service (crash) or
- gain sensitive information from kernel memory via a samba server (1) returning
- more data than requested to the smb_proc_read function, (2) returning a data
- offset from outside the samba packet to the smb_proc_readX function, (3)
- sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function,
- (4) sending a samba packet with a certain header size to the
- smb_proc_readX_data function, or (5) sending a certain packet based offset for
- the data in a packet to the smb_receive_trans2 function.
-Notes: 
-Bugs: 
-upstream: released (2.4.28-rc3), released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-9) [smbfs-overflow-fixes-2.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-0887
===================================================================
--- patch-tracking/CVE-2004-0887	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0887	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2004-0887
-References: 
- http://www.novell.com/linux/security/advisories/2004_37_kernel.html
- http://www.securityfocus.com/bid/11489
- http://xforce.iss.net/xforce/xfdb/17801
-Description: 
- SUSE Linux Enterprise Server 9 on the S/390 platform does not properly
- handle a certain privileged instruction, which allows local users to
- gain root privileges.
-Notes: 
- dannf> 2.4 looks vulnerable; I've asked waldi's advice on applying it.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-10) [s390-sacf-fix.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
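Review bot: The only note, "2.4 looks vulnerable; I've asked waldi's advice on applying it", is out of date relative to the status block, which already shows "2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff]". Update the note with the outcome before retiring. "upstream:" and "linux-2.6:" are empty and the description names only SUSE Linux Enterprise Server 9, so the record should also say whether the s390-sacf fix exists in mainline.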

Deleted: patch-tracking/CVE-2004-0949
===================================================================
--- patch-tracking/CVE-2004-0949	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-0949	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,41 +0,0 @@
-Candidate: CVE-2004-0949
-References: 
- BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
- MISC:http://security.e-matters.de/advisories/142004.html
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:537
- URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
- TRUSTIX:2004-0061
- URL:http://www.trustix.org/errata/2004/0061/
- UBUNTU:USN-30-1
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
- XF:linux-smbrecvtrans2-memory-leak(18137)
- URL:http://xforce.iss.net/xforce/xfdb/18137
- BID:11695
- URL:http://www.securityfocus.com/bid/11695
- SECUNIA:13232
- URL:http://secunia.com/advisories/13232/
-Description: 
- The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux
- kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented
- packets correctly, which could allow remote samba servers to (1) read
- arbitrary kernel information or (2) raise a counter value to an arbitrary
- number by sending the first part of the fragmented packet multiple times.
-Notes: 
-Bugs: 
-upstream: released (2.4.28-rc3), released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-13) [smbfs-overrun.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1016
===================================================================
--- patch-tracking/CVE-2004-1016	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1016	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2004-1016
-References: 
- VULNWATCH:20041214 Linux kernel scm_send local DoS
- MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt
- UBUNTU:USN-38-1
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:689
- URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
- XF:linux-scmsend-dos(18483)
- URL:http://xforce.iss.net/xforce/xfdb/18483
-Description: 
- The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28,
- and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system
- hang) via crafted auxiliary messages that are passed to the sendmsg function,
- which causes a deadlock condition.
-Notes: 
- dannf> 2.4.27 has a reference to CVE-2004-1016 in the changelog, but it looks
-        like it referred to the wrong issue - our 2.4.27 may still be
-        vulnerable.
- dannf> on second review, those patches look correct
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
-2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1017
===================================================================
--- patch-tracking/CVE-2004-1017	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1017	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVS-2004-1017
-References: 
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- REDHAT:RHSA-2004:689
- URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
- XF:linux-ioedgeport-bo(18433)
- URL:http://xforce.iss.net/xforce/xfdb/18433
-Description: 
- Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have
- unknown impact and unknown attack vectors.
-Notes: 
- jmm> I've checked 2.6.14, but I didn't find the exact upstream version when
- jmm> this was fixed
- jmm> The fix is required for 2.6.8
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: released (2.4.31-rc1, 2.6.10)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [io_edgeport_overflow.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
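
Review bot: The Candidate line reads "CVS-2004-1017" instead of "CVE-2004-1017", so anything that matches on the Candidate field will miss this entry; correct it in the retired copy. In the status block, "released (2.4.31-rc1, 2.6.10)" sits under linux-2.6 while upstream is blank, and a 2.4 version in the linux-2.6 field suggests the value belongs under upstream. The jmm note that the exact upstream version was not found reads as stale next to that value and should be updated or dropped.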

Deleted: patch-tracking/CVE-2004-1056
===================================================================
--- patch-tracking/CVE-2004-1056	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1056	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-1056
-References: 
- UBUNTU:USN-38-1
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- XF:linux-i810-dma-dos(15972)
- URL:http://xforce.iss.net/xforce/xfdb/15972
-Description: 
- Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly
- check the DMA lock, which could allow remote attackers or local users to cause
- a denial of service (X Server crash) and possibly modify the video output.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch]
-2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2004-1057
===================================================================
--- patch-tracking/CVE-2004-1057	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1057	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-1057
-References: 
- MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
- REDHAT:RHSA-2005:016
- URL:http://www.redhat.com/support/errata/RHSA-2005-016.html
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821
- XF:linux-kernel-vmio-dos(19275)
- URL:http://xforce.iss.net/xforce/xfdb/19275
-Description: 
- Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark
- memory with the VM_IO flag, which causes incorrect reference counts and may
- lead to a denial of service (kernel panic) when accessing freed kernel pages.
-Notes: 
- dannf> I see the PageReserved() check in the 2.6 code, going back to 2.4.0
- dannf> so I'll mark 2.6 N/A
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
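
Review bot: The Description places the flaw in 2.4.19 and earlier, which covers every woody tree listed, but all seven woody fields are blank and only 2.4.27-sarge-security shows a fix. Fill in the woody status before retiring. The dannf note also justifies N/A for 2.6 with a check "going back to 2.4.0"; if that version is meant literally, the note should say why 2.4.27 still needed 165_VM_IO.diff.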

Deleted: patch-tracking/CVE-2004-1058
===================================================================
--- patch-tracking/CVE-2004-1058	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1058	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-1058
-References: 
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- GENTOO:GLSA-200408-24
- URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- UBUNTU:USN-38-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
- XF:linux-spawning-race-condition(17151)
- URL:http://xforce.iss.net/xforce/xfdb/17151
-Description: 
- Race condition in Linux kernel 2.6 allows local users to read the environment
- variables of another process that is still spawning via /proc/.../cmdline.
-Notes: 
-Bugs: 
-upstream: released (2.4.33-pre2)
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [203_proc_pid_cmdline_race.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
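
Review bot: The Description names only kernel 2.6, but upstream is "released (2.4.33-pre2)" and 2.4.27-sarge-security carries 203_proc_pid_cmdline_race.diff, so 2.4 was treated as affected. The seven woody 2.4 fields should therefore carry a status instead of staying blank, and a Notes line stating that 2.4 is affected would reconcile the entry with its Description.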

Deleted: patch-tracking/CVE-2004-1068
===================================================================
--- patch-tracking/CVE-2004-1068	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1068	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2004-1068
-References: 
- BUGTRAQ:20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities
- URL:http://www.securityfocus.com/archive/1/381689
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:537
- URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
- BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- BID:11715
- URL:http://www.securityfocus.com/bid/11715
- XF:linux-afunix-race-condition(18230)
- URL:http://xforce.iss.net/xforce/xfdb/18230
-Description: 
- A "missing serialization" error in the unix_dgram_recvmsg function in Linux
- 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain
- privileges via a race condition.
-Notes: 
-Bugs: 
-upstream: released (2.4.27, 2.6.9)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11)
-2.4.27-sarge-security: released (2.4.27-7)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
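
Review bot: "upstream: released (2.4.27, 2.6.9)" conflicts with the Description, which lists 2.4.27 itself as vulnerable ("2.4.27 and earlier"), and with the sarge fix only arriving in 2.4.27-7. Check the upstream versions and correct whichever is wrong. The 2.6.8-sarge-security and 2.4.27-sarge-security lines also give no patch file name in brackets, which makes the fix hard to locate later.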

Deleted: patch-tracking/CVE-2004-1069
===================================================================
--- patch-tracking/CVE-2004-1069	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1069	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2004-1069
-References: 
- http://marc.theaimsgroup.com/?l=linux-kernel&m=110045613004761
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- http://xforce.iss.net/xforce/xfdb/18312
-Description: 
- Race condition in SELinux 2.6.x through 2.6.9 allows local users to
- cause a denial of service (kernel crash) via SOCK_SEQPACKET unix
- domain sockets, which are not properly handled in the sock_dgram_sendmsg
- function.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-11)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
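
Review bot: The last field, 2.4.18-woody-security-hppa, is blank while every other 2.4 tree in this entry is N/A; it looks like an omission and should be N/A as well. The upstream and linux-2.6 fields are empty even though the Description bounds the issue at 2.6.9, and the 2.6.8-sarge-security line names no patch file.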

Deleted: patch-tracking/CVE-2004-1070
===================================================================
--- patch-tracking/CVE-2004-1070	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1070	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2004-1070
-References: 
- MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:549
- URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
- XF:linux-elf-setuid-gain-privileges(18025)
- URL:http://xforce.iss.net/xforce/xfdb/18025
-Description: 
- The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux
- kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check
- return values from calls to the kernel_read function, which may allow local
- users to modify sensitive memory in a setuid program and execute arbitrary
- code.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1071
===================================================================
--- patch-tracking/CVE-2004-1071	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1071	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2004-1071
-References: 
- MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:537
- URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
- XF:linux-elf-setuid-gain-privileges(18025)
- URL:http://xforce.iss.net/xforce/xfdb/18025
-Description: 
- The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
- 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap
- function, which causes an incorrect mapped image and may allow local users to
- execute arbitrary code.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1072
===================================================================
--- patch-tracking/CVE-2004-1072	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1072	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2004-1072
-References: 
- MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:537
- URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
- REDHAT:RHSA-2005:275
- URL:http://www.redhat.com/support/errata/RHSA-2005-275.html
- XF:linux-elf-setuid-gain-privileges(18025)
- URL:http://xforce.iss.net/xforce/xfdb/18025
-Description: 
- The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
- 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL
- terminated, which could cause strings longer than PATH_MAX to be used, leading
- to buffer overflows that allow local users to cause a denial of service (hang)
- and possibly execute arbitrary code.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1073
===================================================================
--- patch-tracking/CVE-2004-1073	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1073	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-1073
-References: 
- MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2004:549
- URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
- XF:linux-elf-setuid-gain-privileges(18025)
- URL:http://xforce.iss.net/xforce/xfdb/18025
-Description: 
- The open_exec function in the execve functionality (exec.c) in Linux kernel
- 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read
- non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
-2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1137
===================================================================
--- patch-tracking/CVE-2004-1137	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1137	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,40 +0,0 @@
-Candidate: CVE-2004-1137
-References: 
- VULNWATCH:20041214 Linux kernel IGMP vulnerabilities
- BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities
- MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
- XF:linux-igmpmarksources-dos(18482)
- URL:http://xforce.iss.net/xforce/xfdb/18482
- XF:linux-ipmcsource-code-execution(18481)
- URL:http://xforce.iss.net/xforce/xfdb/18481
-Description: 
- Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to
- 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial
- of service or execute arbitrary code via (1) the ip_mc_source function, which
- decrements a counter to -1, or (2) the igmp_marksources function, which does
- not properly validate IGMP message parameters and performs an out-of-bounds
- read.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch]
-2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
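
Review bot: The Description bounds the affected 2.4 range at 2.4.22 to 2.4.28, which is later than every woody tree listed (2.4.16 to 2.4.19), so the seven blank woody fields look like they should be N/A. Leaving them empty in a retired entry makes it impossible to tell "not affected" from "never checked". The upstream field is blank as well.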

Deleted: patch-tracking/CVE-2004-1144
===================================================================
--- patch-tracking/CVE-2004-1144	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1144	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-1144
-References: 
- REDHAT:RHSA-2004:689
- URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
- SUSE:SUSE-SA:2004:046
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2
- XF:linux-32bit-emulation-gain-privileges(18686)
- URL:http://xforce.iss.net/xforce/xfdb/18686
-Description: 
- Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64
- systems allows local users to gain privileges.
-Notes: 
- jmm> 2.6 is not affected, see the comment by Andi Kleen from the patch:
- jmm> # The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this
- jmm> # hole because some unrelated changes in 2.5 fixed it as a side effect.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2004-1151
===================================================================
--- patch-tracking/CVE-2004-1151	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1151	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-1151
-References: 
- MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
- URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html
- MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
- MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
-Description: 
- Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
- sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local
- attackers to modify kernel memory and gain privileges.
-Notes: 
- <= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway.
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2004-1190
===================================================================
--- patch-tracking/CVE-2004-1190	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1190	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2004-1190
-References: 
- http://www.novell.com/linux/security/advisories/2004_42_kernel.html
- http://xforce.iss.net/xforce/xfdb/18370
-Description:
- SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
- properly check commands sent to CD devices that have been opened read-only,
- which could allow local users to conduct unauthorized write activities to
- modify the firmware of associated SCSI devices.
- .
- dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
-        revisit
-Notes: 
-Bugs: 300162
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
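
Review bot: The dannf comment ("skipping for 2.4/sarge3 ... we should revisit") is attached to the Description after a "." separator line while the Notes field is empty; move it under Notes so parsers and readers find it. The same comment and "ignored (2.4.27-10sarge3)" mark 2.4 as an open question, so retiring the entry needs either a resolution or a reason recorded. The status block also stops at 2.4.17-woody-security-ia64: the 2.4.18-woody-security-hppa line that other entries carry is missing, and the woody lines that are present are blank.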

Deleted: patch-tracking/CVE-2004-1234
===================================================================
--- patch-tracking/CVE-2004-1234	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1234	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,36 +0,0 @@
-Candidate: CVE-2004-1234
-References: 
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- REDHAT:RHSA-2004:689
- URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
- CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
- CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965
- BID:12101
- URL:http://www.securityfocus.com/bid/12101
- XF:linux-loadelfbinary-dos(18687)
- URL:http://xforce.iss.net/xforce/xfdb/18687
-Description: 
- load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of
- service (system crash) via an ELF binary in which the interpreter is NULL.
-Notes: 
- jmm> I don't know at which version this was merged into 2.6, but I've verified
- jmm> that above-mentioned fix is included in 2.6.8's binfmt_elf.c:
- jmm>  out_free_dentry:
- jmm>         allow_write_access(interpreter);
- jmm>       if (interpreter)
- jmm>            fput(interpreter);
-Bugs: 
-upstream: released (2.4.26-rc3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
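
Review bot: The References block lists the same CONFIRM URL (linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ) on two consecutive lines; drop the duplicate. The jmm note says the 2.6 merge version is unknown, which matches the N/A under linux-2.6, but upstream then only records the 2.4 release; add a word in Notes that the 2.6 version was never identified so the gap is clearly deliberate.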

Deleted: patch-tracking/CVE-2004-1235
===================================================================
--- patch-tracking/CVE-2004-1235	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1235	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,44 +0,0 @@
-Candidate: CVE-2004-1235
-References: 
- BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
- MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- FEDORA:FEDORA-2005-013
- URL:http://www.securityfocus.com/advisories/7806
- FEDORA:FEDORA-2005-014
- URL:http://www.securityfocus.com/advisories/7805
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2005:043
- URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- TRUSTIX:2005-0001
- URL:http://www.trustix.org/errata/2005/0001/
- CONFIRM:http://www.securityfocus.com/advisories/7804
- BID:12190
- URL:http://www.securityfocus.com/bid/12190
- XF:linux-uselib-gain-privileges(18800)
- URL:http://xforce.iss.net/xforce/xfdb/18800
-Description: 
- Race condition in the (1) load_elf_library and (2) binfmt_aout function calls
- for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows
- local users to execute arbitrary code by manipulating the VMA descriptor.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
-2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
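
Review bot: The Description gives the affected range as "2.4 through 2.429-rc2", which is not a valid kernel version and is presumably a missing dot; correct it against the CVE text before retiring. The upstream, linux-2.6.16 and linux-2.6 fields are all blank although the Description bounds the 2.6 side at 2.6.10.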

Deleted: patch-tracking/CVE-2004-1237
===================================================================
--- patch-tracking/CVE-2004-1237	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1237	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-1237
-References: 
- http://www.redhat.com/support/errata/RHSA-2005-043.html
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132245
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141996
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142091
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142442
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143886
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144048
-Description: 
- Unknown vulnerability in the system call filtering code in the audit
- subsystem for Red Hat Enterprise Linux 3 allows local users to cause
- a denial of service (system crash) via unknown vectors.
-Notes: 
- jmm> What a remarkably concrete description :-)
- jmm> I found the Bugzilla entries above and this seems RHEL specific.
- jmm> I'm marking it at such, but please double-check someone
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
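
Review bot: The jmm note asks for a second check ("please double-check someone") and nothing in the entry shows that it happened, yet every tree is marked N/A and the file is retired. Add a Notes line from whoever confirmed that the issue is RHEL specific. The note also has a typo ("at such"), and the status block ends at 2.4.17-woody-security-ia64 without the 2.4.18-woody-security-hppa line that other entries carry.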

Deleted: patch-tracking/CVE-2004-1333
===================================================================
--- patch-tracking/CVE-2004-1333	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1333	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2004-1333
-References: 
- FULLDISC:20041215 fun with linux kernel
- URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- UBUNTU:USN-47-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1
- BID:11956
- URL:http://www.securityfocus.com/bid/11956
- XF:linux-vcresize-dos(18523)
- URL:http://xforce.iss.net/xforce/xfdb/18523
-Description: 
- Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6
- before 2.6.10 allows local users to cause a denial of service (kernel crash)
- via a short new screen value, which leads to a buffer overflow.
-Notes: 
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1334
===================================================================
--- patch-tracking/CVE-2004-1334	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1334	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2004-1334
-References: 
- http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
- http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
- http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
- http://www.securityfocus.com/bid/11956
- http://xforce.iss.net/xforce/xfdb/18522
-Description: 
- Integer overflow in the ip_options_get function in the Linux kernel before
- 2.6.10 allows local users to cause a denial of service (kernel crash) via a
- cmsg_len that contains a -1, which leads to a buffer overflow.
-Notes: 
- dannf> This is a duplicate of CAN-2004-1016
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
-2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
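
Review bot: the Notes field marks this entry as a duplicate of CAN-2004-1016, yet the upstream: line is empty while every sarge and woody line says released. Either fill upstream: with the fixing release or say that upstream status is tracked under the other identifier, and write that identifier with the same CVE- prefix used in the Candidate line so a search finds both records.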

Deleted: patch-tracking/CVE-2004-1335
===================================================================
--- patch-tracking/CVE-2004-1335	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1335	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-1335
-References: 
- FULLDISC:20041215 fun with linux kernel
- URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
- BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
- BID:11956
- URL:http://www.securityfocus.com/bid/11956
- XF:linux-ipoptionsget-memory-leak(18524)
- URL:http://xforce.iss.net/xforce/xfdb/18524
-Description: 
- Memory leak in the ip_options_get function in the Linux kernel before 2.6.10
- allows local users to cause a denial of service (memory consumption) by
- repeatedly calling the ip_cmsg_send function.
-Notes: 
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2004-1337
===================================================================
--- patch-tracking/CVE-2004-1337	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-1337	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: 
-References: 
- BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- BID:12093
- URL:http://www.securityfocus.com/bid/12093
- XF:linux-security-module-gain-privileges(18673)
- URL:http://xforce.iss.net/xforce/xfdb/18673
-Description: 
- The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not
- properly handle the credentials of a process that is launched before the
- module is loaded, which allows local users to gain privileges.
-Notes: 
- dannf> This code isn't in <= 2.4.27
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
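
Review bot: the Candidate: line at the top of this record is empty although the file is named CVE-2004-1337, so anything that keys on the Candidate field will miss it. Fill in "Candidate: CVE-2004-1337" before the record leaves the active directory.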

Deleted: patch-tracking/CVE-2004-2013
===================================================================
--- patch-tracking/CVE-2004-2013	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-2013	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2004-2013
-References: 
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
- http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html 
- http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2
- http://www.securityfocus.com/bid/10326
- http://xforce.iss.net/xforce/xfdb/16117
-Description: 
- Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c
- in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary
- code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of
- memory.
-Notes: 
- jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
- jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*,
- jmm> Woody could be affected, though
-Bugs: 
-upstream: released (2.4.26)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
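
Review bot: all six woody lines are blank while jmm's note says "Woody could be affected, though", so the record leaves the active directory with that question unanswered. Resolve each woody line to released, needed or N/A first. The list also has no 2.4.18-woody-security-hppa line, which the neighbouring records carry.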

Deleted: patch-tracking/CVE-2004-2302
===================================================================
--- patch-tracking/CVE-2004-2302	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-2302	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2004-2302
-References: 
- http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
- http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.novell.com/linux/security/advisories/2005_44_kernel.html
-Description: 
- Race condition in the sysfs_read_file and sysfs_write_file functions in Linux
- kernel before 2.6.10 allows local users to read kernel memory and cause a
- denial of service (crash) via large offsets in sysfs files.
-Notes: 
- dannf> sysfs is only in 2.6, so marking 2.4 N/A
-Bugs: 322339
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-sysfs-read-write-race.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2004-2536
===================================================================
--- patch-tracking/CVE-2004-2536	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-2536	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2004-2536
-References: 
- http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
- http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
-Description: 
- The exit_thread function (process.c) in Linux kernel 2.6 through
- 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a
- process obtains IO access permissions from the ioperm function but
- does not drop those permissions when it exits, which allows other
- processes to access the per-TSS pointers, access restricted memory
- locations, and possibly gain privileges.
-Notes: 
- Horms> Tested against kernel-image-2.4.27-2-686 2.4.27-11 which does not
- seem to exhibit the problem, although the code suggests it might.  I guess
- its just a 2.6 problem. I marked 2.4.27 and the woody kernels N/A
-Bugs: 
-upstream: released (2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A 
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
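
Review bot: the N/A on 2.4.27-sarge-security and on the woody lines rests on the single test against kernel-image-2.4.27-2-686 2.4.27-11 described in the Horms note, and that same note says the code suggests the problem might be present. A source-level check of exit_thread in the 2.4 trees would be a firmer basis for N/A than one run. The second and third lines of the note also lack the "Horms>" prefix, so they read as unattributed.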

Deleted: patch-tracking/CVE-2004-2607
===================================================================
--- patch-tracking/CVE-2004-2607	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-2607	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2004-2607 
-References: 
- http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
- http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
-Description: 
- A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
- 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
- kernel memory via a large len argument, which is received as an int but
- cast to a short, which prevents a read loop from filling a buffer.
-Notes: 
- jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
- jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
- jmm> be double-checked against the source though, but my bandwidth is currently
- jmm> too slim to download 2.6.8
- jmm>
- jmm> The fix below is for a completely different issue, I've split it out
- horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
- horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
-Bugs: 
-upstream: released (2.4.33-pre2), released (2.6.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
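
Review bot: the last horms line says "Woody is likely vulnerable", but all seven woody lines are blank. Mark them needed, or N/A with a reason, so the open question stays visible. The jmm line "The fix below is for a completely different issue, I've split it out" no longer points at anything in this record and could be dropped.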

Deleted: patch-tracking/CVE-2004-2660
===================================================================
--- patch-tracking/CVE-2004-2660	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2004-2660	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,18 +0,0 @@
-Candidate: CVE-2004-2660
-References: 
-Description: 
-Notes: 
- jmm> This was only covered by MITRE in May 2006
- jmm> Vulnerable code not present in 2.4
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: needed
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
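
Review bot: 2.6.8-sarge-security is still marked needed, so this record tracks an open fix and should stay in the active directory until that line changes. References: and Description: are also empty, and the status list has no 2.4.18-woody-security-hppa line, unlike the neighbouring records.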

Deleted: patch-tracking/CVE-2005-0001
===================================================================
--- patch-tracking/CVE-2005-0001	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0001	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,43 +0,0 @@
-Candidate: CVE-2005-0001
-References: 
- BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
- FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation
- URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
- MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2005:043
- URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- TRUSTIX:2005-0001
- URL:http://www.trustix.org/errata/2005/0001/
- BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
- XF:linux-fault-handler-gain-privileges(18849)
- URL:http://xforce.iss.net/xforce/xfdb/18849
-Description: 
- Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to
- 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor
- machines, allows local users to execute arbitrary code via concurrent threads
- that share the same virtual memory space and simultaneously request stack
- expansion.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
-2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
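
Review bot: upstream:, linux-2.6.16: and linux-2.6: are all blank, although the Description bounds the affected range at 2.4.29 and 2.6.10 and every sarge and woody line says released. Record the upstream release that carries the fix, and a version or N/A for the two linux-2.6 lines, in the "upstream: released (...)" form the other records use.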

Deleted: patch-tracking/CVE-2005-0003
===================================================================
--- patch-tracking/CVE-2005-0003	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0003	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,35 +0,0 @@
-Candidate: CVE-2005-0003
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- REDHAT:RHSA-2005:043
- URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- TRUSTIX:2005-0001
- URL:http://www.trustix.org/errata/2005/0001/
- MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
- BID:12261
- URL:http://www.securityfocus.com/bid/12261
- XF:linux-vma-gain-privileges(18886)
- URL:http://xforce.iss.net/xforce/xfdb/18886
-Description: 
- The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit
- architectures, does not properly check for overlapping VMA (virtual memory
- address) allocations, which allows local users to cause a denial of service
- (system crash) or execute arbitrary code via a crafted ELF or a.out file.
-Notes: 
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos2.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2005-0090
===================================================================
--- patch-tracking/CVE-2005-0090	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0090	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0090
-References: 
- A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
- patch omits an "access check," which allows local users to cause a denial
- of service (crash).
-Description:
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://www.securityfocus.com/bid/12599
- http://xforce.iss.net/xforce/xfdb/20618
-Notes:
- Red Hat specific vulnerability
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
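
Review bot: the References: and Description: bodies are swapped. The vulnerability text ("A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch ...") sits under References:, and the three URLs sit under Description:. Swap them back. upstream: is blank here as well, whereas the sibling Red Hat specific records CVE-2005-0091 and CVE-2005-0092 use "upstream: N/A".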

Deleted: patch-tracking/CVE-2005-0091
===================================================================
--- patch-tracking/CVE-2005-0091	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0091	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0091
-References: 
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://www.securityfocus.com/bid/12599
- http://xforce.iss.net/xforce/xfdb/20619
-Description: 
- Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
- patch, when using the hugemem kernel, allows local users to read and write to
- arbitrary kernel memory and gain privileges via certain syscalls.
-Notes:
- Red Hat specific. 
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-0092
===================================================================
--- patch-tracking/CVE-2005-0092	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0092	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0092
-References: 
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://www.securityfocus.com/bid/12599
- http://xforce.iss.net/xforce/xfdb/20620
-Description: 
- Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
- patch, when running on x86 with the hugemem kernel, allows local users to
- cause a denial of service (crash).
-Notes:
- Red Hat specific. 
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-0135
===================================================================
--- patch-tracking/CVE-2005-0135	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0135	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-0135
-References: 
- REDHAT:RHSA-2005:284
- URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
- REDHAT:RHSA-2005:366
- URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
- SECUNIA:15019
- URL:http://secunia.com/advisories/15019
-Description: 
- The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in
- Linux kernel 2.6 allows local users to cause a denial of service (system
- crash).
-Notes: 
- dannf> This is fixed in kernel-patch-2.4.27-ia64
-Bugs: 
-upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch]
-2.4.27-sarge-security: released (2.4.27-10)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2005-0136
===================================================================
--- patch-tracking/CVE-2005-0136	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0136	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,19 +0,0 @@
-Candidate: CVE-2005-0136
-References: 
- ** RESERVED **
-Description: 
-Notes: 
- dannf> This is fixed in kernel-patch-2.4.27-ia64
-Bugs: 
-upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch]
-2.4.27-sarge-security: released (2.4.27-10)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
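
Review bot: the only text under References: is "** RESERVED **" and Description: is empty, so nothing in the record says what ia64-ptrace-fixes.dpatch and ia64-ptrace-speedup.dpatch address. Add at least a one-line description, and resolve the seven blank woody lines.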

Deleted: patch-tracking/CVE-2005-0137
===================================================================
--- patch-tracking/CVE-2005-0137	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0137	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-0137
-References: 
- REDHAT:RHSA-2005:284
- URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
- REDHAT:RHSA-2005:293
- URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
-Description: 
- Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a
- denial of service via a "missing Itanium syscall table entry."
-Notes: 
- dannf> This is actually 2.4 specific - the mitre description is incorrect.
-Bugs: 
-upstream: released (2.4.30-rc2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
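
Review bot: the dannf note says the issue is 2.4 specific, yet every woody 2.4 line is blank, including 2.4.17-woody-security-ia64, the woody tree for the architecture named in the Description. Those lines need released, needed or N/A. The Description speaks of a missing syscall table entry while the patch is named 165_arch-ia64-kernel-missing-sysctl.diff; a short note confirming which is meant would help.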

Deleted: patch-tracking/CVE-2005-0176
===================================================================
--- patch-tracking/CVE-2005-0176	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0176	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-0176
-References: 
- http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://oval.mitre.org/oval/definitions/data/oval1225.html
- http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30
-Description: 
- The shmctl function in Linux 2.6.9 and earlier allows local users to unlock
- the memory of other processes, which could cause sensitive memory to be swapped
- to disk, which could allow it to be read by other users once it has been released.
-Notes: 
- It appears that 2.6.8 and earlier are not vulnerable as prior to the
- following patch, local users could not effect lock or unlock
- http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642
- That is, only 2.6.10 is effected.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
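
Review bot: the free-text block under Notes: carries no author prefix, unlike the "dannf>" and "jmm>" notes in the other records, and its conclusion ("only 2.6.10 is effected") differs from the Description's "2.6.9 and earlier" without saying which of the two the N/A statuses rely on. Attribute the note and state which range was used. upstream: is blank, and the status list has no 2.4.18-woody-security-hppa line.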

Deleted: patch-tracking/CVE-2005-0177
===================================================================
--- patch-tracking/CVE-2005-0177	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0177	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,27 +0,0 @@
-Candidate: CVE-2005-0177
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
-Description: 
- nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows
- attackers to cause a denial of service (kernel crash) via a buffer overflow.
-Notes: 
- dannf> nls_ascii.c isn't in <= 2.4.27
-Bugs: 
-upstream: released (2.6.8.1, 2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-0178
===================================================================
--- patch-tracking/CVE-2005-0178	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0178	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-0178
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
- BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
-Description: 
- Race condition in the setsid function in Linux before 2.6.8.1 allows local
- users to cause a denial of service (crash) and possibly access portions of
- kernel memory, related to TTY changes, locking, and semaphores.
-Notes:
- dannf> Alan Cox suggested that this is not a 2.4 issue:
- Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
- Alan> private not thread group so a setsid() can't race because you can't
- Alan> setsid in the same thread as is opening current->tty. 
-Bugs: 
-upstream: released (2.6.8.1, 2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-0180
===================================================================
--- patch-tracking/CVE-2005-0180	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0180	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-0180
-References: 
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.redhat.com/support/errata/RHSA-2005-092.html
-Description: 
- Multiple integer signedness errors in the sg_scsi_ioctl function in 
- scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel
- memory via negative integers in arguments to the scsi ioctl, which
- bypass a maximum length check before calling the copy_from_user and
- copy_to_user functions.
-Notes: 
- jmm> The 2.4.27 version, scsi_ioctl_send_command(), is not affected, as
- jmm> intlen and outlen are unsigned ints
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-12) [031-sg_scsi_ioctl_int_overflows.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
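
Review bot: the jmm note clears the 2.4.27 code path because intlen and outlen are unsigned ints there, but the seven woody lines are blank rather than N/A. If the same reasoning holds for the woody 2.4 trees, mark them N/A and say so in Notes; if it has not been checked, mark them as open. upstream: is blank as well.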

Deleted: patch-tracking/CVE-2005-0204
===================================================================
--- patch-tracking/CVE-2005-0204	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0204	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-0204
-References: 
- REDHAT:RHSA-2005:092
- URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
-Description: 
- Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
- architectures, allows local users to write to privileged IO ports via the OUTS
- instruction.
-Notes: 
- jmm> 190_outs-2.diff had regressions
-Bugs: 296700
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff]
-2.4.27-sid: released (2.4.27-12) [190_outs-2.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
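
Review bot: the 2.4.27-sid line records 190_outs-2.diff as released in 2.4.27-12, and the only note says that patch had regressions, with no word on whether they were fixed or the patch was reverted. State the outcome in Notes, and resolve the blank upstream: and woody lines.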

Deleted: patch-tracking/CVE-2005-0207
===================================================================
--- patch-tracking/CVE-2005-0207	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0207	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-0207
-References: 
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930
- SUSE:SUSE-SA:2005:003
- URL:http://www.securityfocus.com/advisories/7880
- BID:12330
- URL:http://www.securityfocus.com/bid/12330
- http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
- http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
-Description: 
- Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS
- clients to cause a denial of service via O_DIRECT.
-Notes: 
- dannf> The vulnerable code doesn't exist in <= 2.4.27
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-0209
===================================================================
--- patch-tracking/CVE-2005-0209	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0209	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-0209
-References: 
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
- CONECTIVA:CLA-2005:945
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- http://oss.sgi.com/archives/netdev/2005-01/msg01072.html
-Description: 
- Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of
- service (kernel crash) via crafted IP packet fragments.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
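
Review bot: the Description rates this as a remote denial of service and a 2.4 fix exists (134_skb_reset_ip_summed.diff in 2.4.27-9), but all seven woody lines are blank, as are upstream:, linux-2.6.16: and linux-2.6:. Fill those in, or note why woody is out of scope, so the record shows the issue is closed for every tracked tree.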

Deleted: patch-tracking/CVE-2005-0210
===================================================================
--- patch-tracking/CVE-2005-0210	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0210	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-0210
-References: 
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
- CONECTIVA:CLA-2005:945
- URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
-Description: 
- Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of
- service (memory consumption) via certain packet fragments that are reassembled
- twice, which causes a data structure to be allocated twice.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-0384
===================================================================
--- patch-tracking/CVE-2005-0384	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0384	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-0384
-References: 
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- REDHAT:RHSA-2005:283
- URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
- REDHAT:RHSA-2005:284
- URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- TRUSTIX:2005-0009
- URL:http://www.trustix.org/errata/2005/0009/
- UBUNTU:USN-95-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
-Description: 
- Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows
- remote attackers to cause a denial of service (kernel crash) via a pppd
- client.
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: patch-tracking/CVE-2005-0400
===================================================================
--- patch-tracking/CVE-2005-0400	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0400	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-0400
-References: 
- BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
- MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- UBUNTU:USN-103-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
- XF:kernel-ext2-information-disclosure(19866)
- URL:http://xforce.iss.net/xforce/xfdb/19866
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
- SECUNIA:14713
- URL:http://secunia.com/advisories/14713/
-Description: 
- The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not
- properly initialize memory when creating a block for a new directory entry,
- which allows local users to obtain potentially sensitive information by
- reading the block.
-Notes: 
-Bugs: 301799 303294
-upstream: released (2.6.11.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch]
-2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-0449
===================================================================
--- patch-tracking/CVE-2005-0449	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0449	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2005-0449
-References: 
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563\d82
- http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
-Description: 
- The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to
- cause a denial of service (kernel crash) or bypass firewall rules via crafted
- packets, which are not properly handled by the skb_checksum_help function.
-Notes: 
- ** CHANGES ABI **
- ipv4-fragment-queues-[1,2,2.1].dpatch are in sarge's 2.6.8.
- ipv4-fragment-queues-[3,4].dpatch are awaiting an ABI event
- .
- 150_private_fragment_queues-[1,2].diff are awaiting a 2.4.27 ABI event
-Bugs: 
-upstream: released (2.6.8.1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2) [ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch, ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff]
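Review bot: The Description and the patch list in this record do not describe the same fix. The Description attributes the issue to skb_checksum_help, while Notes and both release lines track the ipv4-fragment-queues and private_fragment_queues patches; state how the fragment-queue patches relate to this CVE, or move them to the record they belong to. Notes still say ipv4-fragment-queues-[3,4].dpatch and 150_private_fragment_queues-[1,2].diff are "awaiting an ABI event" although the release lines list them as released in 2.6.8-16sarge2 and 2.4.27-10sarge2, so that note should be brought up to date before the file is retired. The kernel.org reference also has a stray backslash inside the commit hash ("...00563\d82").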

Deleted: patch-tracking/CVE-2005-0528
===================================================================
--- patch-tracking/CVE-2005-0528	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0528	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-0528
-References: 
-Description: 
-Notes: 
- From Joey's 2.4.18-14.4 changelog:
-  * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
-    escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
- jmm> Isn't this CVE-2004-0077?
- dannf> Looks like this is a different issue.  Joey's patch is here:
-  http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
- dannf> But it doesn't look like mitre has released the details yet:
-  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528
- jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version
- dannf> It looks like this would apply to 2.6, but isn't necessary because
- dannf> its already fixed in a different way.  2.6 checks for a 0 new_len 
- dannf> earlier and errors out
- jmm> This turned out to be a dupe of CVE-2003-0985
-Bugs: 
-upstream: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
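Review bot: References and Description are both empty, and the only statement of what this entry is sits on the last Notes line ("This turned out to be a dupe of CVE-2003-0985"). For a retired record, put the duplicate status in Description or an explicit cross-reference so a reader does not have to follow the whole chat to find it, and check that the woody release versions listed here agree with the CVE-2003-0985 record.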

Deleted: patch-tracking/CVE-2005-0529
===================================================================
--- patch-tracking/CVE-2005-0529	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0529	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-0529
-References: 
- FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
-Description: 
- Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset
- arguments to the proc_file_read and locks_read_proc functions, which leads to
- a heap-based buffer overflow when a signed comparison causes negative integers
- to be used in a positive context.
-Notes: 
- dannf> 2.4 doesn't do the signed cast, so it shouldn't be vulnerable
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-0530
===================================================================
--- patch-tracking/CVE-2005-0530	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0530	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,39 +0,0 @@
-Candidate: CVE-2005-0530
-References: 
- FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
-Description: 
- Signedness error in the copy_from_read_buf function in n_tty.c for Linux
- kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a
- negative argument.
-Notes: 
- dannf> This doesn't affect 2.4:
-  marcello> v2.4 does not suffer from the issue mentioned by Guninski because 
-  marcello> the first argument of the arithmetic comparison is not casted
-  marcello> to a "signed" value:
- .
-  marcello> n = min((ssize_t)*nr, n);
- .
-  marcello> That was the problem in v2.6, where an unsigned value bigger than
-  marcello> 2^31 would be treated as a negative signed.
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
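Review bot: In Notes, the quoted line "n = min((ssize_t)*nr, n);" carries the (ssize_t) cast, yet it directly follows the sentence saying 2.4 does not cast the first argument, so it reads as the safe 2.4 code. Label which tree the line comes from (the following sentence suggests 2.6), or show the 2.4 expression beside it, so the N/A status on every 2.4 line can be checked against the right code.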

Deleted: patch-tracking/CVE-2005-0531
===================================================================
--- patch-tracking/CVE-2005-0531	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0531	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2005-0531
-References: 
- FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
-Description: 
- The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
- 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative
- arguments.
-Notes: 
-Bugs: 
-upstream: released (2.6.11-rc4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch]
-2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff]

Deleted: patch-tracking/CVE-2005-0532
===================================================================
--- patch-tracking/CVE-2005-0532	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0532	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2005-0532
-References: 
- FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
- URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
- MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
-Description: 
- The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
- Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit
- architectures, may allow local users to trigger a buffer overflow as a result
- of casting discrepancies between size_t and int data types.
-Notes: 
- dannf> Vulnerable code didn't exist in 2.4
-Bugs: 
-upstream: released (2.6.11-rc3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
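Review bot: The upstream line says released (2.6.11-rc3), but the Description says the flaw is present in "2.6.11 before 2.6.11-rc4". One of the two is wrong. Confirm the fixed-in version against the bkbits changeset in References and make the fields agree, since backport decisions key on that version.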

Deleted: patch-tracking/CVE-2005-0736
===================================================================
--- patch-tracking/CVE-2005-0736	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0736	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0736
-References: 
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
- http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d
- http://www.novell.com/linux/security/advisories/2005_18_kernel.html
- http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
- http://www.securityfocus.com/bid/12763
-Description: 
- Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11
- allows local users to overwrite kernel memory via a large number of events.
-Notes: 2.4.* doesn't have epoll()
-Bugs: 
-upstream: released (2.6.11.2)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-0749
===================================================================
--- patch-tracking/CVE-2005-0749	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0749	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-0749
-References: 
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- UBUNTU:USN-103-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
- SECUNIA:14713
- URL:http://secunia.com/advisories/14713/
- XF:kernel-loadelflibrary-dos(19867)
- URL:http://xforce.iss.net/xforce/xfdb/19867
-Description: 
- The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to
- cause a denial of service (kernel crash) via a crafted ELF library or
- executable, which causes a free of an invalid pointer.
-Notes: 
-Bugs: 301799, 303498
-upstream: released (2.6.11.6)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch]
-2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-0750
===================================================================
--- patch-tracking/CVE-2005-0750	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0750	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-0750
-References: 
- BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
- FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
- URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- REDHAT:RHSA-2005:283
- URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
- REDHAT:RHSA-2005:284
- URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
- XF:kernel-bluezsockcreate-integer-underflow(19844)
- URL:http://xforce.iss.net/xforce/xfdb/19844
-Description: 
- The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6
- through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain
- privileges via (1) socket or (2) socketpair call with a negative protocol
- value.
-Notes: 
-Bugs: 301799
-upstream: released (2.6.11.5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch]
-2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
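Review bot: "upstream: released (2.6.11.5)" conflicts with the Description and both advisory titles, which list 2.6.11.5 as still affected ("2.6 through 2.6.11.5", "2.6.x.y <= 2.6.11.5"); correct the upstream version. All woody lines are blank even though the Description puts the affected range at 2.4.6 and later, so each needs an explicit status or a note on why it is empty before this file is retired.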

Deleted: patch-tracking/CVE-2005-0756
===================================================================
--- patch-tracking/CVE-2005-0756	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0756	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,20 +0,0 @@
-Candidate: CVE-2005-0756
-References: 
- http://www.ubuntulinux.org/support/documentation/usn/usn-137-1 
-Description: 
- ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform,
- which allows local users to cause a denial of service (kernel crash).
-Notes: 
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-0757
===================================================================
--- patch-tracking/CVE-2005-0757	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0757	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-0757
-References: 
-Description: 
- source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
- inclusion: upstream code has been reworked and doesn't appear vulnerable
- descrition: on 64 bit architectures incorrect handling of xattr offsets
-             may cause a local DoS
- revision date: Fri, 29 Jul 2005 12:04:57 +0900
-Notes: 
-Bugs: 
-upstream: 
-2.4.27-sarge-security: released (2.4.27-10sarge1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-ext3-64bit-offset.dpatch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
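Review bot: The Description field holds tracker metadata (source, inclusion, revision date) rather than a description, and the actual summary sits under a misspelled "descrition:" key. Move the summary into Description, fix the spelling, and move the remaining lines to Notes. The 2.4.27-sarge-security line is placed above linux-2.6.16, out of the order used by the other records, and names no patch, unlike the 2.6.8 line.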

Deleted: patch-tracking/CVE-2005-0767
===================================================================
--- patch-tracking/CVE-2005-0767	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0767	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0767
-References: 
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
- http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
-Description: 
- Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows
- local users with DRI privileges to execute arbitrary code as root.
-Notes: 
- horms> For the record:
- horms> The patch seems to already be present in 2.6.11.
- horms> And the bug does not seem to be present in 2.4.27.
-Bugs: 297203
-upstream: released (2.6.11-rc4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-15)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-0815
===================================================================
--- patch-tracking/CVE-2005-0815	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0815	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-0815
-References: 
- BUGTRAQ:20050317 Linux ISO9660 handling flaws
- URL:http://www.securityfocus.com/archive/1/393590
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
- FEDORA:FLSA:152532
- URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
- BID:12837
- URL:http://www.securityfocus.com/bid/12837
- XF:kernel-iso9660-filesystem(19741)
- URL:http://xforce.iss.net/xforce/xfdb/19741
-Description: 
- Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux
- 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt
- memory via a crafted filesystem.
-Notes: 
-Bugs: 301799
-upstream: released (2.6.12-rc1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch]
-2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-0839
===================================================================
--- patch-tracking/CVE-2005-0839	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0839	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-0839
-References: 
- MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
- URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html
- MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ
-Description: 
- Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line
- discipline for a TTY, which allows local users to gain privileges by injecting
- mouse or keyboard events into other user sessions.
-Notes: 
- dannf> This file isn't in <= 2.4.27
-Bugs: 301372
-upstream: released (2.6.11)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-0867
===================================================================
--- patch-tracking/CVE-2005-0867	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0867	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0867
-References: 
- http://www.novell.com/linux/security/advisories/2005_18_kernel.html
-Description: 
- Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel
- memory by writing to a sysfs file.
-Notes: 
- horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to
- horms> have this bug. 2.4.27 does not include sysfs, and thus
- horma> also does not have this bug.
- jmm> The patch for the vulnerability in question can be found in the BTS
-Bugs: 306137
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
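Review bot: The third Notes line is attributed to "horma>" while the two lines it continues are "horms>"; fix the handle so the sentence is attributed to one person. The upstream field is empty although jmm's note says a patch exists in the BTS; record the upstream fix version or point to the bug there, so the N/A statuses can be verified against something.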

Deleted: patch-tracking/CVE-2005-0916
===================================================================
--- patch-tracking/CVE-2005-0916	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-0916	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-0916
-References: 
- http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab
- http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw
- http://www.novell.com/linux/security/advisories/2005_50_kernel.html
-Description: 
- AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with
- CONFIG_HUGETLB_PAGE enabled allows local panic) via a process that executes
- the io_queue_init function but exits without running io_queue_release, which
- to fail.
-Notes: 
-Bugs: 
-upstream: released (2.6.12)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-1)
-2.6.8-sarge-security: released (2.6.8-16) [arch-ppc64-hugepage-aio-panic.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
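Review bot: The Description has lost words in two places: "allows local panic) via a process" is missing the text between "local" and "panic)", and the closing clause "which to fail." has no subject. Restore the full text from the CVE entry before retiring the file; as written, the impact and the failing component cannot be read from this record.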

Deleted: patch-tracking/CVE-2005-1041
===================================================================
--- patch-tracking/CVE-2005-1041	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1041	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-1041
-References: 
- http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2
-Description: 
- The fib_seq_start function in fib_hash.c in Linux kernel allows local
- users to cause a denial of service (system crash) via /proc/net/route.
-Notes: 
- horms> 2.4.27 is not effected by 304548 as the buggy code is a complete
- horms> rework for 2.6. I looked over the way that proc/route is handled
- horms> for 2.4.27, and it seems fine.
-Bugs: 304548
-upstream: released (2.6.11.5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
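Review bot: The 2.6.8-sarge-security line says released (2.6.8-16) without naming a patch, so the fix cannot be located from this record; add the patch file name in brackets as other released entries do. In Notes, "not effected" should be "not affected". The woody lines are blank with no note on whether the 2.4.27 analysis was repeated for those trees.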

Deleted: patch-tracking/CVE-2005-1263
===================================================================
--- patch-tracking/CVE-2005-1263	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1263	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-1263
-References: 
- BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation
- URL:http://www.securityfocus.com/archive/1/397966
- MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
- FRSIRT:ADV-2005-0524
- URL:http://www.frsirt.com/english/advisories/2005/0524
- OVAL:OVAL1122
- URL:http://oval.mitre.org/oval/definitions/data/oval1122.html
-Description: 
- The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to
- 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users
- to execute arbitrary code via an ELF binary that, in certain conditions
- involving the create_elf_tables function, causes a negative length argument
- to pass a signed integer comparison, leading to a buffer overflow.
-Notes: 
-Bugs: 
-upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16)
-2.4.27-sarge-security: released (2.4.27-10)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-1368
===================================================================
--- patch-tracking/CVE-2005-1368	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1368	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-1368
-References: 
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
- http://linux.bkbits.net:8080/linux-2.6/cset%40423078fafVa6mAyny23YZ87hDipmTw
-Description: 
- The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow
- attackers to cause a denial of service (oops) via SMP.
-Notes: 
- horms> The fix for CAN-2005-1368 is in SVN for 2.6.11.
- horms> The code that this bug manifests in is not present
- horms> in 2.6.8 or 2.4.27.
- jmm> The code in question isn't present in Woody either
-Bugs: 
-upstream: released (2.6.11.8)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-1369
===================================================================
--- patch-tracking/CVE-2005-1369	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1369	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-1369
-References: 
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
- http://lkml.org/lkml/2005/4/20/159
-Description: 
- The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8,
- and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write
- permissions, which allows local users to cause a denial of service (CPU
- consumption) by attempting to write to the file, which does not have an
- associated store function.
-Notes: 
- jmm> These drivers are not present in 2.4
-Bugs: 307552
-upstream: released (2.6.11.8)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-1589
===================================================================
--- patch-tracking/CVE-2005-1589	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1589	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2005-1589
-References: 
- http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://www.frsirt.com/english/advisories/2005/0557
-Description: 
- The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
- in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
- passing an ioctl to the block device, which crosses security boundaries by
- making kernel address space accessible from user space and allows local users
- to cause a denial of service and possibly execute arbitrary code, a similar
- vulnerability to CVE-2005-1264.
-Notes: 
- horms> (discussing this and a similar problem):
- horms> 2.6.8 is only vulnerable to the raw ioctl problem,
- horms> which I believe is CAN-2005-1264.
- horms> (unstable/testing-proposed-updates) and sarge-security
- horms> (testing-security) branches and it should appear in 2.6.8-16 and
- horms> 2.6.8-15sarge1 respectively.
- horms> 2.4.27 does not appear to be vulnerable to either of these problems.
-Bugs: 309429
-upstream: released (2.6.11.10), released (2.6.12-rc5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
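Review bot: Notes lost text between "which I believe is CAN-2005-1264." and "(unstable/testing-proposed-updates) and sarge-security": the second sentence starts mid-thought, so what was committed to those branches is not stated. Restore the missing line. Since horms says 2.6.8 is only vulnerable to the raw ioctl problem, the "2.6.8-sarge-security: released (2.6.8-16)" line should name the patch it refers to or point to the CVE-2005-1264 record.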

Deleted: patch-tracking/CVE-2005-1761
===================================================================
--- patch-tracking/CVE-2005-1761	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1761	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-1761
-References: 
- http://www.novell.com/linux/security/advisories/2005_44_kernel.html
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54
-Description: 
- Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users
- to cause a denial of service (kernel crash) via ptrace and the
- restore_sigcontext function.
-Notes: 
- jmm> This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct?
- dannf> 2.4 patch for ia64 from SuSE in: CVE-2005-1761-linux24.patch
- dannf> Unfortunately, its against an older 2.4, so this doesn't apply
- dannf> trivially
-Bugs: 
-upstream: released (2.6.12.1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-private-tss.dpatch, arch-x86_64-nmi.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, arch-ia64-ptrace-restore_sigcontext.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [204_arch-ia64-ptrace-getregs-putregs.diff, 205_arch-ia64-ptrace-restore_sigcontext.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
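
Review bot: The 2.6.8-sarge-security line lists arch-x86_64-private-tss.dpatch and arch-x86_64-nmi.dpatch for an issue the Description limits to IA64 ptrace and restore_sigcontext. Those two look like they belong to another entry. Trim the list to the ia64 patches or add a note explaining why the x86_64 ones are tied to this CVE. jmm's question about arch-ia64-ptrace-restore_sigcontext.dpatch is also left unanswered in Notes, and all woody fields are blank even though the Description includes 2.4.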

Deleted: patch-tracking/CVE-2005-1762
===================================================================
--- patch-tracking/CVE-2005-1762	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1762	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-1762
-References: 
- http://www.novell.com/linux/security/advisories/2005_29_kernel.html
- http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
- http://secunia.com/advisories/15786
-Description: 
- The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
- platform allows local users to cause a denial of service (kernel
- crash) via a "non-canonical" address. 
-Notes: 
-Bugs: 
-upstream: released (2.6.12-rc5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
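
Review bot: 2.4.27-sarge-security is marked released with 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch, but Notes is empty and the neighbouring CVE-2005-1763 and CVE-2005-1765 entries state that 2.4/amd64 is not shipped. A one-line note saying why the amd64-only fix was applied to 2.4.27 anyway would make the three entries consistent. The .dpatch suffix on a 2.4.27 patch also differs from the .diff names used for 2.4.27 elsewhere in this commit.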

Deleted: patch-tracking/CVE-2005-1763
===================================================================
--- patch-tracking/CVE-2005-1763	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1763	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-1763
-References: 
- http://www.novell.com/linux/security/advisories/2005_29_kernel.html
-Description: 
- Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows
- local users to write bytes into kernel memory.
-Notes: 
- dannf> The patch we have is only for x86_64.  This code was very different
- dannf> in 2.4, and we don't ship 2.4/amd64, so we can probably drop this one.
- dannf> The question is, does this affect other 64-bit archs?
-Bugs: 
-upstream: released (2.6.12-rc5)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-boundary-check.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
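
Review bot: dannf's question in Notes ("does this affect other 64-bit archs?") is never answered, yet the entry is retired with 2.4.27-sarge-security set to ignored and a Description that covers 64-bit architectures in general. Record the conclusion for the non-x86_64 architectures before retiring, and either mark the woody fields N/A or say why they are blank.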

Deleted: patch-tracking/CVE-2005-1764
===================================================================
--- patch-tracking/CVE-2005-1764	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1764	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-1764
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050531
- Category: SF
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
- URL:http://freshmeat.net/articles/view/1678/
-Description: 
- Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
- page for the 47-bit address page to protect against an AMD K8 bug,
- which allows local users to cause a denial of service.
-Notes: 
- horms> I believe that only 2.6.11 is vulnerable to this
-upstream: released (2.6.11.11)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
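
Review bot: In References, the second CONFIRM URL runs straight into the next item: "...h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029". Split it so the commit hash ends the URL and the SUSE advisory gets its own line; as written, the link is broken and the advisory reference is hidden. The two CONFIRM lines point at the same commit (commit and commitdiff views), so one of them can go.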

Deleted: patch-tracking/CVE-2005-1765
===================================================================
--- patch-tracking/CVE-2005-1765	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1765	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-1765
-References: 
- http://www.novell.com/linux/security/advisories/2005_29_kernel.html
- http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
-Description: 
- syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform,
- when running in 32-bit compatibility mode, allows local users to cause
- a denial of service (kernel hang) via crafted arguments.
-Notes: 
- jmm> I've extracted the patch from the Ubuntu update (CVE-2005-1765.patch)
- dannf> This code was very different in 2.4, and we don't ship 2.4/amd64, so
-        I'll mark 2.4 N/A
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: 
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-mmap.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
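
Review bot: upstream: and linux-2.6: are both empty, so the retired record never says which upstream or unstable release fixed this. The only fix recorded is arch-x86_64-mm-mmap.dpatch in 2.6.8-16sarge1, taken from the Ubuntu update per jmm's note. Fill both fields in, or state in Notes that the upstream status was never determined. The continuation line of dannf's note has also lost its "dannf>" prefix.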

Deleted: patch-tracking/CVE-2005-1767
===================================================================
--- patch-tracking/CVE-2005-1767	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1767	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-1767
-References: 
- CONFIRM:http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e
- http://www.novell.com/linux/security/advisories/2005_44_kernel.html
- http://www.ubuntu.com/usn/usn-187-1
-Description: 
- traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception
- stack, which allows local users to cause a denial of service (oops and stack fault exception).
-Notes: 
- This is already fixed in 2.6 and added for completeness.
- Horms> This is amd64 specific, and thus should not affect 2.4
-Bugs: 
-upstream: released (2.6.12, 2.4.32)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch, arch-x86_64-kernel-stack-faults.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [181_arch-x86_64-kernel-stack-faults.diff]
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
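
Review bot: The 2.6.8-sarge-security patch list names arch-x86_64-kernel-stack-faults.dpatch twice; drop the duplicate. Horms' note says the issue is amd64-specific and should not affect 2.4, which conflicts with 2.4.27-sarge-security being released with 181_arch-x86_64-kernel-stack-faults.diff and with upstream listing 2.4.32. Say in Notes which of the two is right.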

Deleted: patch-tracking/CVE-2005-1768
===================================================================
--- patch-tracking/CVE-2005-1768	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1768	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,35 +0,0 @@
-Candidate: CVE-2005-1768
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1768
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050531
- Category: SF
- BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
- MISC:http://www.suresec.org/advisories/adv4.pdf
-Description: 
- Race condition in the ia32 compatibility code for the execve system
- call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
- local users to cause a denial of service (kernel panic) and possibly
- execute arbitrary code via a concurrent thread that increments a
- pointer count after the nargs function has counted the pointers, but
- before the count is copied from user space to kernel space, which
- leads to a buffer overflow.
-Notes: 
- 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
-upstream: released (2.4.31, 2.6.6)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: released (2.4.27-11)
-2.4.27-sarge-security: released (2.4.27-10sarge1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
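
Review bot: All woody fields are blank, including 2.4.17-woody-security-ia64, although the Description places the race in the ia32 compatibility code of 2.4 kernels before 2.4.31 and the BUGTRAQ reference names ia64. Give these a decided status before retiring. Notes mentions 167_arch-ia64-x86_64_execve.diff without saying which release lines carry it; putting it in the bracketed patch list on the 2.4.27 lines would match the other entries.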

Deleted: patch-tracking/CVE-2005-1913
===================================================================
--- patch-tracking/CVE-2005-1913	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-1913	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,38 +0,0 @@
-Candidate: CVE-2005-1913
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050608
- Category: SF
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
- UBUNTU:USN-178-1
- URL:http://www.ubuntu.com/usn/usn-178-1
- BID:14054
- URL:http://www.securityfocus.com/bid/14054
- SECUNIA:15786
- URL:http://secunia.com/advisories/15786/
- XF:kernel-subthread-dos(21138)
- URL:http://xforce.iss.net/xforce/xfdb/21138
-Description: 
- The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
- denial of service (kernel panic) via a non group-leader thread
- executing a different program than was pending in itimer, which causes
- the signal to be delivered to the old group-leader task, which does
- not exist.
-Notes: 
-upstream: released (2.6.12.1)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.12-1) [linux-2.6.12.1.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-2098
===================================================================
--- patch-tracking/CVE-2005-2098	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2098	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2005-2098
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050630
- Category: SF
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- UBUNTU:USN-169-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- SECUNIA:16355
- URL:http://secunia.com/advisories/16355/
-Description: 
- The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
- 2.6.12.5 contains an error path that does not properly release the
- session management semaphore, which allows local users or remote
- attackers to cause a denial of service (semaphore hang) via a new
- session keyring (1) with an empty name string, (2) with a long name
- string, (3) with the key quota reached, or (4) ENOMEM.
-upstream: released (2.6.12.5)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-2099
===================================================================
--- patch-tracking/CVE-2005-2099	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2099	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-2099
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050630
- Category: SF
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- UBUNTU:USN-169-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- SECUNIA:16355
- URL:http://secunia.com/advisories/16355/
-Description: 
- The Linux kernel before 2.6.12.5 does not properly destroy a keyring
- that is not instantiated properly, which allows local users or remote
- attackers to cause a denial of service (kernel oops) via a keyring
- with a payload that is not empty, which causes the creation to fail,
- leading toa null dereference in the keyring destructor.
-upstream: released (2.6.12.5)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
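
Review bot: The Description contains "leading toa null dereference"; it should read "to a". The entry also has no Notes or Bugs field, and 2.6.8-sarge-security is N/A without a reason even though the Description covers every kernel before 2.6.12.5. A one-line note on why 2.6.8 is unaffected would close that gap.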

Deleted: patch-tracking/CVE-2005-2100
===================================================================
--- patch-tracking/CVE-2005-2100	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2100	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-2100
-References: 
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547
- REDHAT:RHSA-2005:514
- URL:http://www.redhat.com/support/errata/RHSA-2005-514.html
-Description: 
- The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in
- Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows
- local users to cause a denial of service (crash).
-Notes: 
- horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear
- in Upstream or Debian Kernels.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
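
Review bot: 2.4.18-woody-security-hppa is left blank while every other release field is N/A. horms' note says the bug exists only in the Red Hat 4G/4G patch and not in upstream or Debian kernels, so this field should be N/A as well. The second line of that note is missing its "horms>" prefix.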

Deleted: patch-tracking/CVE-2005-2456
===================================================================
--- patch-tracking/CVE-2005-2456	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2456	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-2456
-References: 
- http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220
- http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- http://www.novell.com/linux/security/advisories/2005_50_kernel.html
- http://www.securityfocus.com/bid/14477
- http://secunia.com/advisories/16298
- http://secunia.com/advisories/16500
- http://xforce.iss.net/xforce/xfdb/21710
-Description: 
- Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
- in Linux kernel 2.6 allows local users to cause a denial of service (oops
- or deadlock) and possibly execute arbitrary code via a p->dir value that is
- larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy
- array.
-Notes: 
-Bugs: 321401
-upstream: 
-linux-2.6.16: 
-linux-2.6: released (2.6.12-2)
-2.6.8-sarge-security: released (2.6.8-16sarge1)
-2.4.27-sarge-security: released (2.4.27-10sarge1) [176_ipsec-array-overflow.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
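
Review bot: upstream: is empty even though References links the fixing commit in linux-2.6.git (h=a4f1bac62564049ea4718c4624b0fadc9f597c84); record the upstream release that contains it. The linux-2.6 and 2.6.8-sarge-security lines are marked released without a patch name, unlike the 2.4.27 line ([176_ipsec-array-overflow.diff]), which makes the 2.6 fix hard to audit later.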

Deleted: patch-tracking/CVE-2005-2457
===================================================================
--- patch-tracking/CVE-2005-2457	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2457	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-2457
-References: 
- URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- UBUNTU:USN-169-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- BID:14614
- URL:http://www.securityfocus.com/bid/14614
- SECUNIA:16355
- URL:http://secunia.com/advisories/16355/
-Description: 
- The driver for compressed ISO file systems (zisofs) in the Linux
- kernel before 2.6.12.5 allows local users and remote attackers to
- cause a denial of service (kernel crash) via a crafted compressed ISO
- file system.
-upstream: released (2.6.12.5)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [zisofs.diff]
-2.4.27-sid/sarge: pending [187_zisofs-2.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [187_zisofs-2.diff]
-linux-2.6.16: 
-linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
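
Review bot: 2.4.27-sid/sarge is still "pending [187_zisofs-2.diff]" in an entry that is being retired. Update it to the version that shipped the patch, or explain in a note why a pending state is acceptable at retirement. The entry has no Notes or Bugs fields either.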

Deleted: patch-tracking/CVE-2005-2458
===================================================================
--- patch-tracking/CVE-2005-2458	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2458	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-2458
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050805
- Category: SF
- MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file
- URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- UBUNTU:USN-169-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- SECUNIA:16355
- URL:http://secunia.com/advisories/16355/
-Description: 
- inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
- allows remote attackers to cause a denial of service (kernel crash)
- via a compressed file with "improper tables".
-upstream: released (2.6.12.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
-2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-2459
===================================================================
--- patch-tracking/CVE-2005-2459	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2459	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-2459
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459
- MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- UBUNTU:USN-169-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
- SECUNIA:16355
- URL:http://secunia.com/advisories/16355/
-Description: 
- The huft_build function in inflate.c in the zlib routines in the Linux
- kernel before 2.6.12.5 returns the wrong value, which allows remote
- attackers to cause a denial of service (kernel crash) via a certain
- compressed file that leads to a null pointer dereference, a different
- vulnerability than CVE-2005-2458.
-Notes: 
- This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
- We included the broken fix in the sarge1 releases, so this backs it out.
-upstream: released (2.6.12.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.12.3)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
-2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
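
Review bot: Notes call this a bogus fix that 2.6.12.6 reverted and say "this backs it out", but the status lines still read as if a fix shipped: upstream released (2.6.12.5), and both sarge lines released with linux-zlib-fixes, the same patch names listed under CVE-2005-2458. Name the revert patch and the version that carries it. "linux-2.6: released (2.6.12.3)" also looks like a typo for the Debian version 2.6.12-3 used in the neighbouring entries.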

Deleted: patch-tracking/CVE-2005-2490
===================================================================
--- patch-tracking/CVE-2005-2490	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2490	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,37 +0,0 @@
-Candidate: CVE-2005-2490
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050808
- Category: SF
- MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
- UBUNTU:USN-178-1
- URL:http://www.ubuntu.com/usn/usn-178-1
- BID:14785
- URL:http://www.securityfocus.com/bid/14785
- SECUNIA:16747
- URL:http://secunia.com/advisories/16747/
- XF:kernel-sendmsg-bo(22217)
- URL:http://xforce.iss.net/xforce/xfdb/22217
-Description: 
- Stack-based buffer overflow in the sendmsg function call in the Linux
- kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
- by calling sendmsg and modifying the message contents in another
- thread.
-upstream: released (2.6.13.1), released (2.4.33-pre1)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-stackoverflow.patch, linux-2.6.13.1.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge2) [sendmsg-stackoverflow.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
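
Review bot: upstream lists "released (2.4.33-pre1)", but the Description limits the overflow to 2.6 before 2.6.13.1 and both 2.4.27 lines are N/A. If 2.4 needed an upstream fix, the N/A needs a justification in Notes; if it did not, the 2.4.33-pre1 item should be dropped. The Description also reads "allows local users execute" (missing "to").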

Deleted: patch-tracking/CVE-2005-2492
===================================================================
--- patch-tracking/CVE-2005-2492	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2492	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,36 +0,0 @@
-Candidate: CVE-2005-2492
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050808
- Category: SF
- MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
- UBUNTU:USN-178-1
- URL:http://www.ubuntu.com/usn/usn-178-1
- BID:14787
- URL:http://www.securityfocus.com/bid/14787
- SECUNIA:16747
- URL:http://secunia.com/advisories/16747/
- XF:kernel-rawsendmsg-obtain-information(22218)
- URL:http://xforce.iss.net/xforce/xfdb/22218
-Description: 
- The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
- allows local users to cause a denial of service (change hardware
- state) or read from arbitrary memory via crafted input.
-upstream: released (2.6.13.1)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-DoS.patch, linux-2.6.13.1.patch]
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-2548
===================================================================
--- patch-tracking/CVE-2005-2548	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2548	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-2548
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050812
- Category: SF
- CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
-Description: 
- vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
- denial of service (kernel oops from null dereference) via certain UDP
- packets that lead to a function call with the wrong argument, as
- demonstrated using snmpwalk on snmpd.
-upstream: released (2.4.29)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
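
Review bot: "upstream: released (2.4.29)" does not fit a Description that names vlan_dev.c in Linux kernel 2.6.8, with both 2.4.27 lines set to N/A. It is the same value as the upstream line of the next entry, CVE-2005-2553, so check whether it was carried over by mistake and replace it with the 2.6 release that fixed this.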

Deleted: patch-tracking/CVE-2005-2553
===================================================================
--- patch-tracking/CVE-2005-2553	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2553	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-2553
-References: 
- URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
- CONFIRM:http://lkml.org/lkml/2005/1/5/245
- CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
-Description: 
- The find_target function in ptrace32.c in the Linux kernel 2.4.x
- before 2.4.29 does not properly handle a NULL return value from
- another function, which allows local users to cause a denial of
- service (kernel crash/oops) by running a 32-bit ltrace program with
- the -i option on a 64-bit executable program.
-Bugs: 
-upstream: released (2.4.29)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
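
Review bot: 2.4.27-sid/sarge is still "pending [184_arch-x86_64-ia32-ptrace32-oops.diff]" at retirement, while 2.4.27-sarge-security already shows the same patch as released. Update the sid/sarge line to the version that shipped it. The entry has a Bugs field but no Notes field, which breaks the field order used by most other entries.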

Deleted: patch-tracking/CVE-2005-2555
===================================================================
--- patch-tracking/CVE-2005-2555	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2555	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-2555
-References: 
- URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
-Description: 
- Linux kernel 2.6.x does not properly restrict socket policy access to users
- with the CAP_NET_ADMIN capability, which could allow local users to conduct
- unauthorized activities via (1) ipv4/ip_sockglue.c and
- (2) ipv6/ipv6_sockglue.c.
-Notes: 
-Bugs: 
-upstream: released (2.6.13)
-linux-2.6.16: 
-linux-2.6: released (2.6.13-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: released (2.4.27-10sarge2)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-2708
===================================================================
--- patch-tracking/CVE-2005-2708	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2708	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-2708
-References: 
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
-Description: 
- The search_binary_handler function in exec.c in Linux kernel on 64-bit x86
- architectures does not check a return code for a particular function call when
- virtual memory is low, which allows local users to cause a denial of service
- (panic), as demonstrated by running a process using the bash ulimit -v
- command.
-Notes:
- This bug only affects 2.4 and AMD64, a combination that does not exist in
- Debian
-Bugs: 
-upstream: released (2.4.33-pre1)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
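
Review bot: 2.4.18-woody-security-hppa is blank while every other release field is N/A, and Notes says the bug only affects 2.4 on AMD64, a combination Debian does not ship. Set the last field to N/A so the entry is fully triaged before it is retired.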

Deleted: patch-tracking/CVE-2005-2709
===================================================================
--- patch-tracking/CVE-2005-2709	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2709	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-2709
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch
-Description: 
- From: Al Viro <viro at zeniv.linux.org.uk>
- .
- You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
- wait for interface to go away, try to grab as much memory as possible in
- hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
- function. Then do read from file you've opened and if you are lucky,
- you'll get it called as ->proc_handler() in kernel mode.
-Notes: 
- CVE is reserved, so we can't take the description from there yet
- .
- dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped
- dannf> that hunk in my backport
- .
- **THIS IS AN ABI CHANGE**
-Bug: 
-upstream: released (2.6.14.1), released (2.4.33-pre1)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-3)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
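
Review bot: The field is spelled "Bug:" here where the other entries use "Bugs:", so anything keyed on field names will miss it. Notes still says the CVE is reserved and the description cannot be taken from there, and the Description is a quoted mail from Al Viro; replace it with the published CVE text once it exists. The "**THIS IS AN ABI CHANGE**" warning would be easier to act on if it named the two sarge patches it applies to.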

Deleted: patch-tracking/CVE-2005-2800
===================================================================
--- patch-tracking/CVE-2005-2800	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2800	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-2800
-References: 
- URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800
-Description: 
- Memory leak in the seq_file implemenetation in the SCSI procfs interface
- (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a
- denial of service (memory consumption) via certain repeated reads from the
- /proc/scsi/sg/devices file, which is not properly handled when the next()
- iterator returns NULL or an error.
-Notes: 
- dannf> seq_file is a 2.6ism, so marking 2.4 as N/A
- dannf> There's a trivial test case - can it be reproduce this on 2.4?
-Bugs: 
-upstream: released (2.6.12.6)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-6)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
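
Review bot: The only reference is a keyword search URL (cvekey.cgi?keyword=CVE-2005-2800) rather than the cvename.cgi?name= form used by the other entries; switch it to the direct link. dannf's second note asks whether the test case reproduces on 2.4, but all 2.4 fields are already N/A; record the answer. "upstream: released (2.6.12.6)" sits oddly with a Description that says 2.6.13 and earlier are affected, and "implemenetation" is a typo.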

Deleted: patch-tracking/CVE-2005-2801
===================================================================
--- patch-tracking/CVE-2005-2801	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2801	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,27 +0,0 @@
-Candidate: CVE-2005-2801
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
- MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
- URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
- MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
- URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
- SUSE:SUSE-SA:2005:018
- URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
-Description: 
- xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
- does not properly compare the name_index fields when sharing xattr
- blocks, which could prevent default ACLs from being applied.
-Bugs: 332381
-upstream: released (2.6.11)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs_ext2_ext3_xattr-sharing.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff]
-2.4.27-sid: released (2.4.27-12) [178_fs_ext2_ext3_xattr-sharing.diff]
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
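
Review bot: The seven woody-security fields are blank, although the 2.4.27 entries show that 2.4 kernels needed 178_fs_ext2_ext3_xattr-sharing.diff. A blank field reads as "not assessed"; give each an explicit status with a one-line reason so the record says whether woody was affected. The Description also names only "Linux kernel 2.6", which does not match the 2.4 fixes listed below it.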

Deleted: patch-tracking/CVE-2005-2872
===================================================================
--- patch-tracking/CVE-2005-2872	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2872	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-2872
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050909
- Category: SF
- Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
- Reference:
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
-Description: 
- The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
- 2.6.12, when running on 64-bit processors such as AMD64, allows remote
- attackers to cause a denial of service (kernel panic) via certain
- attacks such as SSH brute force, which leads to memset calls using a
- length based on the u_int32_t type, acting on an array of unsigned
- long elements, a different vulnerability than CVE-2005-2873.
-upstream: released (2.6.12)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
-2.4.27-sid/sarge: released (2.4.27-12) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
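
Review bot: In References, the second "Reference:" line is empty and its CONFIRM URL sits alone on the following line, so anything reading the file line by line sees an empty reference followed by an unlabelled URL. Join the two into one "Reference: CONFIRM:..." line, as on the bugs.debian.org entry above it. The empty Final-Decision, Interim-Decision, Modified and Proposed lines carry no information and could be dropped.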

Deleted: patch-tracking/CVE-2005-2973
===================================================================
--- patch-tracking/CVE-2005-2973	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-2973	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-2973
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
-Description: 
- Fix infinite loop in udp_v6_get_port().
-Bugs: 
-Notes: 
- submitted for inclusion in 2.4.32-rc2
-upstream: released (2.6.14-rc4)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-udp_v6_get_port-loop.patch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [195_net-ipv6-udp_v6_get_port-loop.diff]
-2.4.27-sarge/sid: pending (2.4.27-12)
-linux-2.6.16: 
-linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
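
Review bot: "2.4.27-sarge/sid: pending (2.4.27-12)" is still an unfinished state, and the Notes line "submitted for inclusion in 2.4.32-rc2" has no matching 2.4 version in the upstream field. Confirm the upload and the upstream 2.4 release and update both before this record is closed out. The Description is a commit subject ("Fix infinite loop in udp_v6_get_port().") and does not say who can trigger the loop or what the impact is.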

Deleted: patch-tracking/CVE-2005-3053
===================================================================
--- patch-tracking/CVE-2005-3053	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3053	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2005-3053
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050926
- Category: SF
- Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
-Description: 
- The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
- allows local users to cause a denial of service (kernel BUG()) via a
- negative first argument.
-Notes: 
- horms> http://lkml.org/lkml/2005/9/30/218
-upstream: released (2.6.12.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-3)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-check-mode.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3055
===================================================================
--- patch-tracking/CVE-2005-3055	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3055	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2005-3055
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
- Final-Decision:
- Interim-Decision:
- Modified:
- Proposed:
- Assigned: 20050926
- Category: SF
- MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
-Description: 
- Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
- of service (kernel OOPS) via a userspace process that issues a USB
- Request Block (URB) to a USB device and terminates before the URB is
- finished, which leads to a stale pointer reference.
-Notes: 
- horms> http://lkml.org/lkml/mbox/2005/10/11/90
- horms> http://lkml.org/lkml/2005/10/11/90
- horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
-Bugs: 330287, 332587
-upstream: released (2.6.14-rc4)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
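
Review bot: "2.6.8-sarge-security: released (2.6.8-16sarge2)" has no patch name in brackets, unlike the released entries in the neighbouring records, so the fix cannot be located in the package from this file alone. Add the dpatch name. The first two horms notes point at the same lkml message (mbox and HTML form); one is enough.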

Deleted: patch-tracking/CVE-2005-3106
===================================================================
--- patch-tracking/CVE-2005-3106	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3106	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2005-3106
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
-Description: 
- Race condition in Linux 2.6, when threads are sharing memory mapping
- via CLONE_VM (such as linuxthreads and vfork), might allow local users
- to cause a denial of service (deadlock) by triggering a core dump
- while waiting for a thread that has just performed an exec.
- .
- Extra information from Moritz Muehlenhof:
- CVE-2005-3106:
- DoS through race condition in processes that share a memory mapping through
- CLONE_VM
- http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
-upstream: released (2.6.11)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
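
Review bot: The "Extra information from Moritz Muehlenhof" block is placed inside Description, separated by "." lines, and this record has no Notes field at all. Move it under Notes, as the CVE-2005-3108 record does, and drop the bkbits URL there since it repeats the CONFIRM reference verbatim. The 2.4 fields marked N/A have no note explaining why 2.4 is unaffected.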

Deleted: patch-tracking/CVE-2005-3107
===================================================================
--- patch-tracking/CVE-2005-3107	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3107	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,34 +0,0 @@
-Candidate: CVE-2005-3107
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
-Description: 
- fs/exec.c in Linux 2.6, when one thread is tracing another thread that
- shares the same memory map, might allow local users to cause a denial
- of service (deadlock) by forcing a core dump when the traced thread is
- in the TASK_TRACED state.
- .
- Extra information from Moritz Muehlenhof:
- Local DoS through threads tracing each other by forcing a core dump, while the traced
- thread is in TASK_TRACED state.
- http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
-upstream: released (2.6.11)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3108
===================================================================
--- patch-tracking/CVE-2005-3108	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3108	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-3108
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
-Description: 
- mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
- cause a denial of service or an information leak via an iremap on a
- certain memory map that causes the iounmap to perform a lookup of a
- page that does not exist.
-Notes: 
- Extra information from Moritz Muehlenhof:
- DoS and potential information leak in ioremap (seemingly specific to amd64)
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 
-upstream: released (2.6.11.12)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
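
Review bot: In the Description, "via an iremap on a certain memory map" looks like a typo for ioremap, given that the file named is mm/ioremap.c and the same sentence goes on to mention iounmap. If the text is kept as copied from the CVE entry, add a Notes line saying so. The Notes URL duplicates the CONFIRM reference and ends in trailing whitespace.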

Deleted: patch-tracking/CVE-2005-3109
===================================================================
--- patch-tracking/CVE-2005-3109	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3109	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-3109
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
-Description: 
- The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
- cause a denial of service (oops) by using hfsplus to mount a
- filesystem that is not hfsplus.
-Notes: 
- Extra information from Moritz Muehlenhof:
- Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
- Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html
- dannf> Looks like, from the above thread, that 2.4 is not affected; marking
-        as such.
-upstream: released (2.6.11.12)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-3110
===================================================================
--- patch-tracking/CVE-2005-3110	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3110	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-3110
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
-Description: 
- Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
- when running on an SMP system that is operating under a heavy load,
- might allow remote attackers to cause a denial of service (crash) via
- a series of packets that cause a value to be modified after it has
- been read but before it has been locked.
-Notes: 
- Extra information from Moritz Muehlenhof:
- DoS on SMP, potentially 2.4 and 2.6
- http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
-upstream: released (2.6.11.11)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch]
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
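
Review bot: The Notes say "DoS on SMP, potentially 2.4 and 2.6", but 2.4.27-sid/sarge and 2.4.27-sarge-security are both N/A with nothing recording how 2.4 was ruled out, and the woody fields are blank. Add a note stating why 2.4 is not affected (or that it was never checked) so the N/A does not contradict the line above it.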

Deleted: patch-tracking/CVE-2005-3119
===================================================================
--- patch-tracking/CVE-2005-3119	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3119	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-3119
-References: 
- URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@43483fddCiQX1WyG_orbko06TrjMVA
- REDHAT:RHSA-2005:808
- URL:http://www.redhat.com/support/errata/RHSA-2005-808.html
- SECUNIA:17364
- URL:http://secunia.com/advisories/17364
-Description: 
- Memory leak in the request_key_auth_destroy function in request_key_auth in Linux
- kernel 2.6.13 and earlier allows local users to cause a denial of service (memory
- consumption) via a large number of authorization token keys.
-Notes: 
- Plug request_key_auth memleak. This can be triggered by unprivileged
- users, so is local DoS.
- http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
- .
- dannf> This file doesn't exist in 2.6.8, so sarge isn't vulnerable
-upstream: released (2.6.13.4, 2.6.14)
-linux-2.6.16: 
-linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
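
Review bot: The last field, "2.4.18-woody-security-hppa:", is blank while every other woody field is N/A for the reason dannf gives (the file does not exist in the older trees). Set it to N/A as well. The upstream field uses "released (2.6.13.4, 2.6.14)", whereas other records in this commit write one "released (...)" per version; pick one form.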

Deleted: patch-tracking/CVE-2005-3179
===================================================================
--- patch-tracking/CVE-2005-3179	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3179	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2005-3179
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
- Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
- Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
-Description: 
- drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
- with world-readable and world-writable permissions, which allows local
- users to enable DRM debugging and obtain sensitive information.
-Notes: 
- (from Horms)
- > > From: Dave Jones <davej at redhat.com>
- > > 
- > > Please consider for next 2.6.13, it is a minor security issue allowing
- > > users to turn on drm debugging when they shouldn't...
-upstream: released (2.6.13.4)
-linux-2.6.16: 
-linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
-2.6.8-sarge-security: N/A
-2.4.27-sid/sarge: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
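
Review bot: "2.6.8-sarge-security: N/A" sits under a Description that says "2.6.13 and earlier", and the Notes hold only the quoted request from Dave Jones, so nothing explains why 2.6.8 is unaffected. Add a note with the reason, for example that the debug file is not present in that tree if that is the case. The "> >" quoting left over from the forwarded mail can be stripped.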

Deleted: patch-tracking/CVE-2005-3180
===================================================================
--- patch-tracking/CVE-2005-3180	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3180	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2005-3180
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
- CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
-Description: 
- The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
- not properly clear memory from a previously used packet whose length
- is increased, which allows remote attackers to obtain sensitive
- information.
-Notes: 
- > > From: Pavel Roskin <proski at gnu.org>
- > > 
- > > The orinoco driver can send uninitialized data exposing random pieces of
- > > the system memory.  This happens because data is not padded with zeroes
- > > when its length needs to be increased.
- horms> a better fix for this is 
- horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15
- horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not
- horms> defined elsewhere in 2.4. 
- horms> is added by 192_orinoco-info-leak-2.diff
-upstream: released (2.6.13.4), released (2.4.33-pre2)
-linux-2.6.16: 
-linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
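
Review bot: The horms notes are hard to act on: "a better fix for this is" points at an entire ChangeLog-2.6.15 on a mirror.local.valinux.co.jp host rather than at a specific commit, and the last line ("is added by 192_orinoco-info-leak-2.diff") has lost its subject. Name the commit, and state whether orinoco-info-leak.dpatch for 2.6.8 carries the original or the better fix. This record also has no 2.4.27-sid/sarge field.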

Deleted: patch-tracking/CVE-2005-3181
===================================================================
--- patch-tracking/CVE-2005-3181	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3181	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3181
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3181
- CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
-Description: 
- Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
- incorrect function to free names_cache memory, which prevents the memory
- from being tracked by AUDITSYSCALL code and leads to a memory leak that
- allows attackers to cause a denial of service (memory consumption).
-Notes: 
- 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
-Bugs: 
-upstream: released (2.6.13.4)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: N/A
-2.4.27-sarge/sid: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
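
Review bot: The References URL uses "cvekey.cgi?keyword=CVE-2005-3181", a keyword search, where the other records use "cvename.cgi?name=..."; switch to the cvename form so the link resolves to the entry itself. "2.6.8-sarge-security: released (2.6.8-16sarge2)" also lacks the patch name in brackets.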

Deleted: patch-tracking/CVE-2005-3257
===================================================================
--- patch-tracking/CVE-2005-3257	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3257	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-3257
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
- CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
-Description: 
- The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local
- users to use the KDSKBSENT ioctl on terminals of other users and gain
- privileges, as demonstrated by modifying key bindings using loadkeys. 
-Bugs: 334113
-Notes: 
- The first patch is the bit that adds the capability check; the second
- one makes it less anal (only apply to writes).
- jmm> The patch targeted to 2.6.14.4 is slightly different, needs to be
- jmm> sorted out.
-upstream: released (2.4.32-rc3), released (2.6.15-rc1), released (2.6.14.4)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [197_setkeys-needs-root-1.diff, 197_setkeys-needs-root-2.diff]
-linux-2.6.16: 
-linux-2.6: released (2.6.14-6)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
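
Review bot: The jmm note ("The patch targeted to 2.6.14.4 is slightly different, needs to be sorted out.") is an unresolved action item in a record whose fields are otherwise final. Record how it was resolved, and whether setkeys-needs-root-1/2 match the 2.6.14.4 version, before closing the entry. The Description names only 2.6.12 although fixes are listed for 2.4.27 and 2.6.8.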

Deleted: patch-tracking/CVE-2005-3271
===================================================================
--- patch-tracking/CVE-2005-3271	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3271	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3271
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
- MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
- URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
-Description: 
- Exec in Linux kernel 2.6 does not properly clear posix-timers in
- multi-threaded environments, which results in a resource leak and
- could allow a large number of multiple local users to cause a denial
- of service by using more posix-timers than specified by the quota for
- a single user.        
-Bugs: 
-upstream: released (2.6.9)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-posix-timers-leak-1.dpatch]
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3272
===================================================================
--- patch-tracking/CVE-2005-3272	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3272	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2005-3272
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
-Description: 
- Linux kernel before 2.6.12 allows remote attackers to poison the
- bridge forwarding table using frames that have already been dropped by
- filtering, which can cause the bridge to forward spoofed packets.  
-Bugs: 
-upstream: released (2.6.12)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch]
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.12-1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
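
Review bot: The 2.6.8-sarge-security line lists net-bridge-mangle-oops-1.dpatch and net-bridge-mangle-oops-2.dpatch alongside net-bridge-forwarding-poison-1.dpatch, but the Description covers only forwarding-table poisoning and there is no Notes field. Add a note saying why the two mangle-oops patches belong to this CVE, for instance as follow-up fixes, or move them to the record they belong to.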

Deleted: patch-tracking/CVE-2005-3273
===================================================================
--- patch-tracking/CVE-2005-3273	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3273	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-3273
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
- CONFIRM:http://lkml.org/lkml/2005/5/23/169
-Description: 
- The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6
- kernels prior to 2.6.12 does not properly verify the ndigis argument
- for a new route, which allows attackers to trigger array out-of-bounds
- errors with a large number of digipeats.                      
-Bugs: 
-upstream: released (2.6.12)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [net-rose-ndigis-verify.dpatch]
-2.4.27-sarge-security: N/A
-linux-2.6.16: 
-linux-2.6: released (2.6.12-1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3274
===================================================================
--- patch-tracking/CVE-2005-3274	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3274	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3274
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
- CONFIRM:http://lkml.org/lkml/2005/6/23/249
- CONFIRM:http://lkml.org/lkml/2005/6/24/173  
-Description: 
- Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4
- before 2.4.32-pre2, when running on SMP systems, allows local users to
- cause a denial of service (null dereference) by causing a connection
- timer to expire while the connection table is being flushed before the
- appropriate lock is acquired.
-Bugs: 
-upstream: released (2.6.13, 2.4.32-pre2)
-linux-2.6.16: 
-linux-2.6: released (2.6.13-1)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-ipvs-conn_tab-race.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3275
===================================================================
--- patch-tracking/CVE-2005-3275	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3275	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-3275
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
-Description: 
- The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
- Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
- declares a variable to be static, which allows remote attackers to
- cause a denial of service (memory corruption) by causing two packets
- for the same protocol to be NATed at the same time, which leads to
- memory corruption.    
-Bugs: 
-upstream: released (2.6.12.3)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff]
-linux-2.6.16: 
-linux-2.6: released (2.6.12-1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
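
Review bot: The upstream field says only "released (2.6.12.3)", while the Description gives the fixed versions as 2.6.13 and 2.4.32-rc1 and a 2.4.27 patch is listed. Add the 2.4 upstream release to the upstream field, as the CVE-2005-3274 record does with "released (2.6.13, 2.4.32-pre2)". The Description also states "memory corruption" twice in one sentence.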

Deleted: patch-tracking/CVE-2005-3276
===================================================================
--- patch-tracking/CVE-2005-3276	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3276	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-3276
-References: 
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
- CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
- URL:http://lkml.org/lkml/2005/8/3/36
-Description: 
- The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and
- 2.6.13 does not entirely clear a user_desc structure before copying it
- to userspace, resulting in a small information leak.
-Bugs: 
-upstream: released (2.6.12.4)
-linux-2.6.16: 
-linux-2.6: released (2.6.12-2)
-2.6.8-sarge-security: released (2.6.8-16sarge1) [sys_get_thread_area-leak.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
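
Review bot: References has no cve.mitre.org entry for the candidate, unlike the other records in this commit, and the three links use mixed labels ("CONFIRM:", "CONFIRM: " with a space, "URL:"). Add the cvename URL and normalise the labels. "2.4.27-sarge-security: N/A" has no note giving the reason.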

Deleted: patch-tracking/CVE-2005-3356
===================================================================
--- patch-tracking/CVE-2005-3356	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3356	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,35 +0,0 @@
-Candidate: CVE-2005-3356
-References: 
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3
-Description: 
- [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open
- .
- Fixed the refcounting on failure exits in sys_mq_open() and
- cleaned the logics up.  Rules are actually pretty simple - dentry_open()
- expects vfsmount and dentry to be pinned down and it either transfers
- them into created struct file or drops them.  Old code had been very
- confused in that area - if dentry_open() had failed either in do_open()
- or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
- by dentry_open() cleanup and then by sys_mq_open().
- .
- Fix consists of making the rules for do_create() and do_open()
- same as for dentry_open() and updating the sys_mq_open() accordingly;
- that actually leads to more straightforward code and less work on
- normal path.
- .
- Signed-off-by: Al Viro <aviro at redhat.com>
- Signed-off-by: Linus Torvalds <torvalds at osdl.org>
-Notes: 
- jmm> Discovered by Doug Chapman
-Bugs: 
-upstream: released (2.6.15.2)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-4)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
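
Review bot: The single References URL is malformed: "h=7c7dce92...79e6h+p=12dbf3fc..." runs two hashes together with a stray "h+p=", so the link will not resolve as written. Correct it to the intended commit link. The Description is a pasted commit message with Signed-off-by lines and gives no impact statement, and the field list stops at 2.4.17-woody-security-ia64 with no 2.4.18-woody-security-hppa line.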

Deleted: patch-tracking/CVE-2005-3358
===================================================================
--- patch-tracking/CVE-2005-3358	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3358	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-3358
-References: 
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175683
-Description: 
- Linux kernel 2.6.x, possibly before 2.6.11, allows local users to
- cause a denial of service (panic) via a set_mempolicy call with a
- 0 bitmask, which causes a panic when a page fault occurs.
-Notes: 
- jmm> This was initially believed to be fixed as of 2.6.11, but this
- jmm> turned out to be wrong.
-Bugs: 
-upstream: released (2.6.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-undefined-nodes.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
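
Review bot: The Description still reads "possibly before 2.6.11", which the jmm note directly below says turned out to be wrong, and the upstream field gives 2.6.15. Reword the Description so it no longer suggests 2.6.11 is fixed, or flag it as the original CVE text. The only reference is a Red Hat bugzilla entry; the upstream commit for the 2.6.15 fix is not linked.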

Deleted: patch-tracking/CVE-2005-3359
===================================================================
--- patch-tracking/CVE-2005-3359	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3359	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,36 +0,0 @@
-Candidate: CVE-2005-3359
-References: 
- http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a79af59efd20990473d579b1d8d70bb120f0920c
- CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
- UBUNTU:USN-263-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
- BID:17078
- URL:http://www.securityfocus.com/bid/17078
- SECUNIA:19220
- URL:http://secunia.com/advisories/19220 
-Description: 
- The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a
- denial of service (panic) via certain socket calls that produce inconsistent
- reference counts for loadable protocol modules.
-Notes: 
- dannf> Easily reproduced on 2.6.8, not reproducible on 2.4.27, so marking
- dannf> 2.4 N/A
- .
- dannf> Note that atm is marked experimental in 2.6.8, and is not built
- dannf> as a module on i386, amd64 or ia64 - but of course users could
- dannf> build their own kernels, and this isn't atm specific
-Bugs: 
-upstream: released (2.6.14)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-3623
===================================================================
--- patch-tracking/CVE-2005-3623	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3623	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-3623
-References: 
- http://permalink.gmane.org/gmane.linux.kernel/360868
-Description: 
- We must check for MAY_SATTR before setting acls, which includes
- checking for read-only exports: the lower-level setxattr operation
- that eventually sets the acl cannot check export-level restrictions.
-Notes: 
- jmm> NFS ACLs were only introduced somewhere between 2.6.12-2.6.14, so
- jmm> Sarge and Woody are not vulnerable
-Bugs: 
-upstream: released (2.6.14.5), released (2.6.15-pre7)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-7)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
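
Review bot: the Description field holds the upstream commit message ("We must check for MAY_SATTR before setting acls ...") rather than a statement of impact, so the record never says what a user gains or which releases are affected; only the Notes mention that NFS ACLs arrived between 2.6.12 and 2.6.14. Replace it with the CVE description, or add a sentence on what setting ACLs on a read-only export allows.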

Deleted: patch-tracking/CVE-2005-3783
===================================================================
--- patch-tracking/CVE-2005-3783	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3783	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-3783
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c
-Description: 
- The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2,
- using CLONE_THREAD, does not use the thread group ID to check whether it
- is attaching to itself, which allows local users to cause a denial of
- service (crash).
-Notes: 
-Bugs: 
-upstream: released (2.4.33-pre1, 2.6.14.2)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-3)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
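
Review bot: the seven woody fields at the end of this record are empty rather than N/A or released, although the upstream line lists a 2.4 fix (2.4.33-pre1) and 2.4.27-sarge-security carries 201_ptrace-fix_self-attach_rule.diff. Before the record moves to retired/, either record a status for each woody kernel or add a Notes line saying why they are left open; Notes is empty as well.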

Deleted: patch-tracking/CVE-2005-3784
===================================================================
--- patch-tracking/CVE-2005-3784	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3784	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-3784
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739
-Description: 
- The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes
- with ptrace attached,which leads to a dangling ptrace reference and allows local users
- to cause a denial of service (crash).
-Notes: 
- jmm,horms> 2.4 code seems very different and not vulnerable
-Bugs: 
-upstream: released (2.6.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [kernel-dont-reap-traced.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A

Deleted: patch-tracking/CVE-2005-3805
===================================================================
--- patch-tracking/CVE-2005-3805	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3805	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-3805
-References: 
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=25f407f0b668f5e4ebd5d13e1fb4306ba6427ead
-Description: 
- A locking problem in POSIX timer cleanup handling on exit in Linux kernel
- 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause
- a denial of service (deadlock) involving process CPU timers.
-Notes: 
- The referenced patch was actually added in 2.6.14, so I think the vulnerable
- versions listed in the description are wrong.
-Bugs: 
-upstream: released (2.6.14)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-1)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
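
Review bot: the Notes entry has no author prefix (other records use "jmm>" or "dannf>"), and it disputes the range given in the Description ("2.6.10 to 2.6.14") without the Description being corrected. With upstream recorded as released (2.6.14), attribute the note and state the affected range the tracker relies on, so the retired record does not carry two conflicting ranges.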

Deleted: patch-tracking/CVE-2005-3806
===================================================================
--- patch-tracking/CVE-2005-3806	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3806	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-3806
-References: 
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=bbbe80cdaf72a75a463aff9551e60b31e2f69061;hp=f841bde30c18493a94fd5d522b84724a8eb82a4a;hb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d;f=net/ipv6/ip6_flowlabel.c
-Description: 
- The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels
- 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in
- certain circumstances, which allows local users to corrupt kernel memory
- or cause a denial of service (crash) by triggering a free of non-allocated
- memory.
-Notes: 
-Bugs: 
-upstream: released (2.6.14)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
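
Review bot: the Description names 2.4 up to 2.4.32 as affected and gives kernel memory corruption as an impact, yet every woody 2.4 field is blank and Notes is empty. A record with that impact should not be retired without a status for the woody kernels, or a note explaining why none is given.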

Deleted: patch-tracking/CVE-2005-3807
===================================================================
--- patch-tracking/CVE-2005-3807	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3807	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3807
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
-Description: 
- [PATCH] VFS: Fix memory leak with file leases
- .
- Memory leak in the VFS file lease handling in locks.c in Linux kernels
- 2.6.10 to 2.6.15 allows local users to cause a denial of service
- (memory exhaustion) via certain Samba activities that cause an fasync
- entry to be re-allocated by the fcntl_setlease function after the
- fasync queue has already 
-Notes: 
-Bugs: 
-upstream: released (2.6.14.3) 
-linux-2.6.16: 
-linux-2.6: released (2.6.14-4)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
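
Review bot: the Description is cut off mid-sentence at "after the fasync queue has already", so the retired record loses the end of the vulnerability statement; restore the full text from the CVE entry. The Description also gives the affected range as 2.6.10 to 2.6.15 while upstream is recorded as released (2.6.14.3), and the woody fields are blank, both worth a Notes line.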

Deleted: patch-tracking/CVE-2005-3808
===================================================================
--- patch-tracking/CVE-2005-3808	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3808	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,20 +0,0 @@
-Candidate: CVE-2005-3808
-References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab
-Description:
- Fix a 32 bit integer overflow in invalidate_inode_pages2_range.  Local DoS
-Notes:
- horms> I don't see any evidence of this on 2.6.8 or 2.4.27
- I didn't check the woody kernels, but it seems very unlikely it is there
-Bugs: 
-upstream: released (2.6.14.4)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-4)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
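
Review bot: the second Notes line says the woody kernels were not checked, but six of the seven woody fields are marked N/A and the last one (2.4.18-woody-security-hppa) is blank. Either confirm N/A and fill in the remaining field, or leave them all open with a note; the second Notes line also lacks the "horms>" prefix that the first one has.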

Deleted: patch-tracking/CVE-2005-3809
===================================================================
--- patch-tracking/CVE-2005-3809	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3809	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,17 +0,0 @@
-Candidate: CVE-2005-3809
-References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51df784ed739246a3774b300e5f536e17bec36ed
-Description: 
-Notes: 
-Bugs: 
-upstream: released (2.6.15-rc1, 2.6.14.3)
-linux-2.6.16: 
-linux-2.6: pending (2.6.14-4)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
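
Review bot: this record is being retired with an empty Description and with linux-2.6 still marked "pending (2.6.14-4)". Add at least a one-line description of what the referenced commit fixes, and update linux-2.6 to released if 2.6.14-4 has shipped, as the neighbouring records that cite the same version already say.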

Deleted: patch-tracking/CVE-2005-3810
===================================================================
--- patch-tracking/CVE-2005-3810	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3810	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2005-3810
-References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11
-Description: 
- [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
- .
- This patch fixes an userspace triggered oops. If there is no ICMP_ID
- info the reference to attr will be NULL.
-Notes: 
-Bugs: 
-upstream: released (2.6.15-rc1, 2.6.14.3)
-linux-2.6.16: 
-linux-2.6: released (2.6.14-4)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-3847
===================================================================
--- patch-tracking/CVE-2005-3847	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3847	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2005-3847
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
- MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3
- MISC:http://svn.debian.org/wsvn/kernel/dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nptl-signal-delivery-deadlock-fix.dpatch?op=file&rev=4458&sc=0
-Description: 
- Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to
- 2.6.13 and 2.6.12.6.  A deadlock can occur when a SIGKILL signal is sent to a real-time
- threaded process that is dumping core, which can be used by a local user to initiate
- a denial of service attack.
-Notes: 
- handle_stop_signal() in 2.4 looks significantly different, and since this bug
- is associated with NPTL, I don't think we need to worry about in 2.4.
- CVE description is actually as follows:
- signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows
- local users to cause a denial of service (deadlock) by sending a
- SIGKILL to a real-time threaded process while it is performing a core
- dump.
-Bug: 
-upstream: released (2.6.12.6, 2.6.13)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
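
Review bot: the field name is spelled "Bug:" here where every other record uses "Bugs:", which any script that parses these files by key will miss. The Notes block is also unattributed and mixes the reviewer's analysis with a pasted copy of the CVE description; move the CVE text into Description and prefix the analysis with its author.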

Deleted: patch-tracking/CVE-2005-3848
===================================================================
--- patch-tracking/CVE-2005-3848	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3848	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,33 +0,0 @@
-Candidate: CVE-2005-3848
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a
- MISC:http://lkml.org/lkml/2005/8/26/173
-Description: 
- Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6,
- in which an ignored error returned by ip_append_data() would result in the
- route and net_device not being freed.  A malicious remote user could exploit
- this in order to initiate a denial of service attack.  This issue was fixed
- in Linux 2.6.12.6 and 2.6.13.
-Notes: 
- This code looks completely different in 2.4; neither ip_append_data() (the
- function that returns an error) nor icmp_push_reply() (the function that fails
- to check this error) exist.  So, I'm marking 2.4 as unaffected.
- Actual CVE description:
- Memory leak in the icmp_push_reply function in Linux 2.6 before
- 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of
- service (memory consumption) via a large number of crafted packets
- that cause the ip_append_data function to fail, aka "DST leak in
- icmp_push_reply."
-upstream: released (2.6.12.6, 2.6.13)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch]
-2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff]
-2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff]
-linux-2.6.16: 
-linux-2.6: 
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: 
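
Review bot: the Notes conclude "I'm marking 2.4 as unaffected", but the status lines record both 2.4.27-sid/sarge and 2.4.27-sarge-security as released with 188_fix-dst-leak-in-icmp_push_reply.diff, so the record contradicts itself on whether 2.4 needed the fix. Reconcile the two; the record also has no Bugs: field, an empty linux-2.6 line, and a "2.4.27-sid/sarge" key that does not match the "2.4.27-sid" key used in CVE-2005-3858.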

Deleted: patch-tracking/CVE-2005-3857
===================================================================
--- patch-tracking/CVE-2005-3857	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3857	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3857 
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
-Description: 
- [PATCH] VFS: local denial-of-service with file leases
- .
- The time_out_leases function in locks.c for Linux kernel before 2.6.15
- allows local users to cause a denial of service (kernel log message
- consumption) by causing a large number of broken leases, which is
- recorded to the log using the printk function.
-Notes:
- Sent for inclusion in 2.4.33
-Bugs: 
-upstream: released (2.6.15-rc2), needed (2.6.33)
-linux-2.6.16: 
-linux-2.6: released (2.6.14+2.6.15-rc5-0experimental.1)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: released (2.4.27-10sarge2)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 
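
Review bot: "needed (2.6.33)" on the upstream line looks like a typo for 2.4.33, since the Notes say the fix was "Sent for inclusion in 2.4.33" and the same line already records 2.6.15-rc2 as released. Correct the version, and check whether "needed" still applies before retiring; the sarge lines also omit the patch file names that other records give in brackets.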

Deleted: patch-tracking/CVE-2005-3858
===================================================================
--- patch-tracking/CVE-2005-3858	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-3858	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,25 +0,0 @@
-Candidate: CVE-2005-3858
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36
- MISC:http://lkml.org/lkml/2005/8/26/175
-Description: 
- ip6_input_finish() contains a memory leak in Linux kernels prior to
- 2.6.12.6 and 2.6.13.  This could potentially be used to trigger a remote
- denial of service (DoS) attack.
-Notes: 
- dannf> Though the code in 2.4 is quite different, it looks to me like the
- dannf> 2.4 code could be vulnerable.
-Bugs: 
-upstream: released (2.6.12.6, 2.6.13)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff]
-2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
-2.4.18-woody-security-hppa: 

Deleted: patch-tracking/CVE-2005-4351
===================================================================
--- patch-tracking/CVE-2005-4351	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4351	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-4351
-References:
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt
-Description: 
- The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8,
- DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass
- immutable settings for files by mounting another filesystem that masks the
- immutable files while the system is running.
-Notes:
- jmm> This affects the LSM module for BSD secure levels, not included in 2.4 and
- jmm> 2.6.8
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6:
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
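
Review bot: the upstream and linux-2.6 fields are empty although the Description lists Linux up to 2.6.15 as affected, so the record is retired with no statement of whether current kernels are fixed. The Notes only cover 2.4 and 2.6.8; add a status or a note for linux-2.6 and linux-2.6.16.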

Deleted: patch-tracking/CVE-2005-4352
===================================================================
--- patch-tracking/CVE-2005-4352	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4352	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2005-4352
-References: 
- http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
-Description: 
- The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15
- and earlier, allows local users to bypass time setting restrictions and set
- the clock backwards by setting the clock ahead to the maximum unixtime value
- (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901),
- which can then be set ahead to the desired time, aka "settimeofday() time wrap."
-Notes: 
- jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8
- jmm> and 2.4.27
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6:
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
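
Review bot: as with the sibling securelevels record, upstream and linux-2.6 are blank while the Description covers Linux 2.6.15 and earlier. The Notes explain N/A for 2.6.8 and 2.4.27 only, so the settimeofday() time wrap has no recorded resolution for the 2.6 packages; fill those fields before the move.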

Deleted: patch-tracking/CVE-2005-4605
===================================================================
--- patch-tracking/CVE-2005-4605	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4605	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-4605
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf
- http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2
- http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ
-Description: 
- The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions
- before 2.6.15 allows attackers to read sensitive kernel memory via
- unspecified vectors in which a signed value is added to an unsigned
- value.
-Notes: 
- jmm> 2.4 not affected as proc_file_lseek() contains a check for this
- jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) {
- jmm> Discovered by Karl Janmar
-Bugs: 
-upstream: released (2.6.15), released (2.6.14.6)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2005-4618
===================================================================
--- patch-tracking/CVE-2005-4618	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4618	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2005-4618
-References:
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c 
-Description: 
- Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows
- local users to cause a denial of service and possibly execute arbitrary
- code via a long string, which causes sysctl to write a zero byte outside
- the buffer.
-Notes:
- jmm> Discovered by Yi Ying
-Bugs: 
-upstream: released (2.6.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: released (2.4.27-10sarge2)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2005-4635
===================================================================
--- patch-tracking/CVE-2005-4635	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4635	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2005-4635
-References: 
- MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea86575eaf99a9262a969309d934318028dbfacb
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
- BID:16139
- URL:http://www.securityfocus.com/bid/16139
- FRSIRT:ADV-2006-0035
- URL:http://www.frsirt.com/english/advisories/2006/0035
- SECUNIA:18216
- URL:http://secunia.com/advisories/18216 
-Description: 
- The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15
- does not check for valid lengths of the header and payload, which allows
- remote attackers to cause a denial of service (invalid memory reference) via
- malformed fib_lookup netlink messages.
-Notes: 
- dannf> Well, I don't know how it could be exploited by an unpriveleged user -  dannf> but I don't think we need to worry about it.  The vulnerable function
- dannf> wasn't added until after 2.6.12, and is already fixed in 2.6.15.
-Bugs: 
-upstream: released (2.6.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
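
Review bot: the first Notes line has two "dannf>" lines run together ("... unpriveleged user -  dannf> but I don't think ..."), which breaks the one-prefix-per-line layout used elsewhere; split it at the second prefix. The note's doubt about exploitation by an unprivileged user also sits beside a Description that says remote attackers, which deserves a clarifying sentence.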

Deleted: patch-tracking/CVE-2005-4639
===================================================================
--- patch-tracking/CVE-2005-4639	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2005-4639	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2005-4639
-References: 
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
- URL:http://www.securityfocus.com/bid/16142
- URL:http://www.frsirt.com/english/advisories/2006/0035
- URL:http://secunia.com/advisories/18216
-Description: 
- Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/
- Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows
- local users to cause a denial of service (crash) and possibly execute
- arbitrary code by "reading more than 8 bytes into an 8 byte long array".
-Notes: 
- jmm> Discovered by Perceval Anichini
- dannf> Driver wasn't added till after 2.6.8
-Bugs: 
-upstream: released (2.6.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-1)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0035
===================================================================
--- patch-tracking/CVE-2006-0035	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0035	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,20 +0,0 @@
-Candidate: CVE-2006-0035
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961
-Description: 
- Sanity check nlmsg_len during netlink_rcv_skb.  An nlmsg_len == 0 can cause
- infinite loop in kernel, effectively DoSing machine.  Noted by Matin Murray.
-Notes: 
- dannf> The vulnerable code doesn't exist in <= 2.6.8
-Bugs: 
-upstream: released (2.6.15.1)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-3)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0036
===================================================================
--- patch-tracking/CVE-2006-0036	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0036	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-0036
-References:
- http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab 
-Description: 
- When an inbound PPTP_IN_CALL_REQUEST packet is received the
- PPTP NAT helper uses a NULL pointer in pointer arithmentic to
- calculate the offset in the packet which needs to be mangled
- and corrupts random memory or crashes.
-Notes: 
- jmm> This is not included in 2.4 and 2.6.8
-Bugs: 
-upstream: released (2.6.15.1)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-3)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
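
Review bot: the commit hash in the References URL contains a stray backslash ("h=15db34702cfafd24acc60295cf14861e4975\02ab") and there is trailing whitespace after it, so the link will not resolve as written. Remove the backslash so the hash is a single hex string.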

Deleted: patch-tracking/CVE-2006-0037
===================================================================
--- patch-tracking/CVE-2006-0037	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0037	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-0037
-References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710
-Description: 
- The PPTP NAT helper calculates the offset at which the packet needs
- to be mangled as difference between two pointers to the header. With
- non-linear skbs however the pointers may point to two seperate buffers
- on the stack and the calculation results in a wrong offset beeing
- used.
-Notes:
- jmm> The vulnerable code isn't present in 2.4 and 2.6.8 
-Bugs: 
-upstream: released (2.6.15.1)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-3)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0038
===================================================================
--- patch-tracking/CVE-2006-0038	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0038	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2006-0038
-References: 
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
-Description: 
- Integer overflow in the do_replace function in netfilter for Linux
- before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ,
- allows local users with CAP_NET_ADMIN rights to cause a buffer overflow
- in the copy_from_user function.
-Notes:
- dannf> Submitted to Marcelo for 2.4
-Bugs: 
-upstream: released (2.6.16-rc3)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3) [netfilter-do_replace-overflow.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge3) [221_netfilter-do_replace-overflow.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-0039
===================================================================
--- patch-tracking/CVE-2006-0039	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0039	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,14 +0,0 @@
-Candidate: CVE-2006-0039
-References: 
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
-Description: netfilter do_add_counters race
-Notes: 
- jmm> Only exploitable with CAP_NET_ADMIN privilege
- jmm> exposure is leakage of sensitive information
- dannf> Submitted to Marcelo for 2.4
-Bugs: 
-upstream: released (2.6.16.17)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-14)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
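
Review bot: this record stops at 2.4.27-sarge-security and has none of the woody status lines that the other records carry, and its Description is a four-word summary on the field line. Add the woody fields (or a note that they were dropped on purpose) and move the impact from Notes ("leakage of sensitive information", CAP_NET_ADMIN required) into a proper Description.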

Deleted: patch-tracking/CVE-2006-0095
===================================================================
--- patch-tracking/CVE-2006-0095	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0095	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2006-0095
-References: 
- http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
-Description: 
- dm-crypt does not clear struct crypt_config before freeing it. Thus,
- information on the key could leak f.e. to a swsusp image even after the
- encrypted device has been removed. The attached patch against 2.6.14 /
- 2.6.15 fixes it.
-Notes: 
- jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
- jmm> Discovered by Stefan Rompf
-Bugs: 
-upstream: released (2.6.16-rc1)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0096
===================================================================
--- patch-tracking/CVE-2006-0096	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0096	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,35 +0,0 @@
-Candidate: CVE-2006-0096
-References: 
-http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f
-http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c
-Description: 
-Notes: 
- jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8:
- jmm> 
- jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
- jmm> --- a/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
- jmm> +++ b/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
- jmm> @@ -1300,6 +1300,8 @@
- jmm>
- jmm>                case SDLA_WRITEMEM:
- jmm>                case SDLA_READMEM:
- jmm> +                       if(!capable(CAP_SYS_RAWIO))
- jmm> +                               return -EPERM;
- jmm>                         return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM));
- jmm> 
- jmm>                case SDLA_START:
- horms> I only see reference to CVE-2004-2607 in patch-tracking,
- horms> not in the changelog for 2.4.27-8, so I don't think the first line
- horms> of the statement above is correct
-Bugs: 
-upstream: released (2.6.11), fixed (2.4.29)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch]
-2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
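
Review bot: The Description field of this CVE-2006-0096 record is empty, and its Notes end on an unresolved disagreement. jmm states that the sdla.c change was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8, while horms replies that the 2.4.27-8 changelog carries no reference to CVE-2004-2607. Before the record is retired, add a one-line description (the quoted hunk shows the SDLA_WRITEMEM/SDLA_READMEM ioctl cases gaining a capable(CAP_SYS_RAWIO) check), settle which statement is correct, and fill in the six woody fields that are still blank.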

Deleted: patch-tracking/CVE-2006-0456
===================================================================
--- patch-tracking/CVE-2006-0456	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0456	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-0456
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79
-Description: 
- strnlen_user() on s390 and s390x does not return a value greater than 
- maxlen if the string is looking at is longer than maxlen; instead it 
- returns maxlen.
-Notes: 
- jmm> 2.4 doesn't have an assembly version
-Bugs: 
-upstream: released (2.6.16)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0457
===================================================================
--- patch-tracking/CVE-2006-0457	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0457	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,32 +0,0 @@
-Candidate: CVE-2006-0457
-References: 
- http://linux.bkbits.net:8080/linux-2.6/cset@43e385c7rMAIqryXIl7lGGdWgZ1Ivg
- MANDRIVA:MDKSA-2006:059
- URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:059
- UBUNTU:USN-263-1
- URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
- BID:17084
- URL:http://www.securityfocus.com/bid/17084
- OSVDB:23894
- URL:http://www.osvdb.org/23894
- SECUNIA:19220
- URL:http://secunia.com/advisories/19220 
-Description: 
- Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions
- in Linux kernel 2.6.x allows local users to cause a denial of service (crash)
- or read sensitive kernel memory by modifying the length of a string argument
- between the time that the kernel calculates the length and when it copies the
- data into kernel memory.
-Notes: 
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: 
-linux-2.6: released (2.6.10-1)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0482
===================================================================
--- patch-tracking/CVE-2006-0482	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0482	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-0482
-References: http://lists.debian.org/debian-sparc/2006/01/msg00129.html
-            http://marc.theaimsgroup.com/?t=113861017400002&r=1&w=2
-	    http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2
-Description: date -s run as a normal user hangs machine on sparc64
-Notes: 
- Jurij Smakov> sparc32 would be tricky to test and i don't know about 2.4.27
- dannf> Code isn't present in 2.4, and Jurij couldn't reproduce it there 
- dannf> I can't reproduce on sparc32, which makes sense because the bug is
- dannf> in sparc64 32-bit compat code
-Bugs: 
-upstream: pending (2.6.16-rc2)
-linux-2.6.16: 
-linux-2.6: pending (2.6.16-4) [sparc64-clock-settime.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge2) [sparc64-clock-settime.dpatch]
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
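
Review bot: The status lines of CVE-2006-0482 still read "upstream: pending (2.6.16-rc2)" and "linux-2.6: pending (2.6.16-4)", so the record is being retired with two branches that are not marked released. Either update both lines to the released versions first, or keep the file in the active directory until they can be.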

Deleted: patch-tracking/CVE-2006-0554
===================================================================
--- patch-tracking/CVE-2006-0554	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0554	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,19 +0,0 @@
-Candidate: CVE-2006-0554
-References: 
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
-Description: 
- Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive
- information via a crafted XFS ftruncate call, which may return stale data.
-Notes: 
-Bugs: 
-upstream: released (2.6.15.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-8)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0555
===================================================================
--- patch-tracking/CVE-2006-0555	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0555	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,20 +0,0 @@
-Candidate: CVE-2006-0555
-References: 
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
-Description: 
- The Linux Kernel before 2.6.15.5 allows local users to cause a denial of
- service (NFS client panic) via unknown attack vectors related to the use of
- O_DIRECT (direct I/O).
-Notes: UBUNTU:USN-263-1
-Bugs: 
-upstream: released (2.6.15.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-8)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0557
===================================================================
--- patch-tracking/CVE-2006-0557	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0557	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-0557
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63
- http://www.securityfocus.com/bid/16924
-Description: 
- Local DoS in mempolicy code; certain maxnodes values cause a crash.
-Notes: 
- Fixed in git on Feb 17, dunno about 2.6.15.x
- dannf> mempolicy.c doesn't exist in 2.4, marking N/A
-Bugs: 
-upstream: released (2.6.16-rc4)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-0558
===================================================================
--- patch-tracking/CVE-2006-0558	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0558	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2006-0558
-References: 
- MLIST:[linux-ia64] [PATCH 1/1] ia64: perfmon.c trips BUG_ON in put_page_testzero
- URL:http://marc.theaimsgroup.com/?l=linux-ia64&m=113882384921688
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185082
- BID:17482
- URL:http://www.securityfocus.com/bid/17482 
-Description: 
- perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users
- to cause a denial of service (crash) by interrupting a task while another
- process is accessing the mm_struct, which triggers a BUG_ON action in the
- put_page_testzero function.proc
-Notes: 
- dannf> This issue is unreproducible in 2.6.16, according to:
- dannf>  http://marc.theaimsgroup.com/?l=linux-ia64&m=114530938403347&w=2
- dannf> So, I'm marking upstream as 2.6.16
- .
- dannf> I have a reproducer from SGI.  It causes 2.6.8 to oops, but needs to
- dannf> be ported to the 2.4 perfmon API to test 2.4.27
-Bugs: 365375
-upstream: released (2.6.16)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
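
Review bot: The 2.4.27-sarge-security field and all woody fields of CVE-2006-0558 are blank, and the last dannf note says the SGI reproducer still "needs to be ported to the 2.4 perfmon API to test 2.4.27", so the 2.4 status is undetermined at the point of retirement. Record an explicit status (N/A, ignored or needed) with the reason. The Description also ends in "put_page_testzero function.proc", where the trailing "proc" looks like paste residue and should be dropped.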

Deleted: patch-tracking/CVE-2006-0741
===================================================================
--- patch-tracking/CVE-2006-0741	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0741	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-0741
-References: 
-Description: 
- Fixes a local DOS on Intel systems that lead to an endless
-recursive fault.  AMD machines don't seem to be affected.
-Notes: 
- 2.6: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5342fba5412cead88b61ead07168615dbeba1ee3
- .
- This is amd64-specific (em64t in particular), so we could ignore it for 2.4
-Bugs: 
-upstream: released (2.6.15.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-8)
-2.6.8-sarge-security: released (2.6.8-16sarge3) [binfmt-bad-elf-entry-address.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff]
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
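
Review bot: The Notes and the status lines of CVE-2006-0741 contradict each other. The note says the issue is amd64-specific "so we could ignore it for 2.4", but 2.4.27-sarge-security is marked released (2.4.27-10sarge3) with 222_binfmt-bad-elf-entry-address.diff. Update the note to say the fix was applied to 2.4 after all. The References field is empty while the upstream commit URL sits in Notes, so move it up.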

Deleted: patch-tracking/CVE-2006-0742
===================================================================
--- patch-tracking/CVE-2006-0742	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0742	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-0742
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e963701a761aede31c9c1bfc74cf8e0ec671f0f4;hp=eb0911e27e8c6778d6c8ec95b7dd60c002d923c3
-Description: 
- The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel
- 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc,
- has the "noreturn" attribute set, which allows local users to cause a denial
- of service by causing user faults on Itanium systems.
-Notes: 
- dannf> Forwarded to Bjorn for 2.4-ia64 inclusion
-Bugs: 
-upstream: released (2.6.15.6)
-linux-2.6.16: 
-linux-2.6: released (2.6.15-8)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-0744
===================================================================
--- patch-tracking/CVE-2006-0744	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-0744	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-0744
-References: 
-Description:
- signal catching issue on em64t; similar to CVE-2006-0741
-Notes: 
- dannf> looks like redhat has developed a patch for their 2.4
- .
- dannf> no upstream 2.4 fix, and it is amd64-specific, so ignoring for
-        2.4/sarge3
-Bugs: 
-upstream:
-linux-2.6.16: 
-linux-2.6: released (2.6.16-7)
-2.6.8-sarge-security: released (2.6.8-16sarge3) [em64t-uncanonical-return-addr.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
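
Review bot: The "upstream:" field of CVE-2006-0744 is empty even though linux-2.6 is marked released (2.6.16-7) and the sarge 2.6.8 branch carries em64t-uncanonical-return-addr.dpatch. Record the upstream version that contains the fix, and add a reference to it, since References is empty as well and the Description only points at CVE-2006-0741.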

Deleted: patch-tracking/CVE-2006-1055
===================================================================
--- patch-tracking/CVE-2006-1055	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1055	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,27 +0,0 @@
-Candidate: CVE-2006-1055
-References: 
-Description: 
- Quoting Greg KH:
- Al just pointed me at an old sysfs patch that went into the tree last
- year that has some potential security problems.  Turns out that if you
- write to a sysfs file exactly PAGE_SIZE worth of data, with no zeros in
- it, there's a good chance you could read off the end of the kernel
- buffer into who knows where.
-Notes: 
- jmm> This was judged non-exploitable by Al Viro, but it's still a local DoS
- jmm> 2.4 N/A, as it doesn't have sysfs
- .
- troyh> N/A for sarge, it was broken in 2.6.12 - 2.6.17-rc1. 2.6.8 is fine,
-        and since its's sysfs 2.4 is N/A.
-Bugs: 
-upstream: released (2.6.17-rc1), released (2.6.16.2)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-6)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1056
===================================================================
--- patch-tracking/CVE-2006-1056	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1056	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,30 +0,0 @@
-Candidate: CVE-2006-1056
-References: 
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2
- URL:http://www.securityfocus.com/bid/17600
- URL:http://xforce.iss.net/xforce/xfdb/25871 
-Description: 
- The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on
- AMD64 and other 7th and 8th generation AuthenticAMD processors, only
- save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
- exception is pending, which allows one process to determine portions of the
- state of floating point instructions of other processes, which can be
- leveraged to obtain sensitive information such as cryptographic keys. NOTE:
- this is the documented behavior of AMD64 processors, but it is inconsistent
- with Intel processers in a security-relevant fashion that was not addressed
- by the kernels.
-Notes: 
-Bugs: 
-upstream: released (2.4.33-pre3), released (2.6.16.9)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-9)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-1066
===================================================================
--- patch-tracking/CVE-2006-1066	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1066	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,41 +0,0 @@
-Candidate: CVE-2006-1066
-References: 
-Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops)
-Notes: 
- From: 	dann frazier <dannf at dannf.org>
- To: 	team at security.debian.org
- Subject: 	kernel-image-2.6.8-ia64 - disable preempt
- Date: 	Fri, 25 Mar 2005 18:57:59 -0700
- .
- hey security team,
-   Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version
- that ships in sarge.  This kernel has CONFIG_PREEMPT enabled, which has
- at least one known issue in ptrace code that lets an unpriveleged
- userspace process trigger an oops.  This issue went away upstream by
- 2.6.9, but its unclear what actually fixed it.  SuSE/RedHat disable
- PREEMPT for ia64 (or so I'm told), so they are not affected.  This same
- test case does _not_ fail on x86, which also has PREEMPT enabled for
- sarge.
- .
-   This issue has been known for a while, but I waited until after d-i
- RC3 to upload it, since it changes the ABI.  This fix is in the 2.6.8-13
- build in unstable, but the release team is blocking this kernel from
- normal sarge propagation to keep the kernel udebs in sync.
- .
- .
- dannf> This is only a config change, so it requires no changes to
- dannf> kernel-source-2.6.8, but I'll use the kernel-source version
- dannf> for the pending/released tags to match the others.
-Bugs: 
-upstream: 
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2)
-2.4.27-sarge-security: N/A
-2.6.8: needed
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
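
Review bot: The line "2.6.8: needed" among the CVE-2006-1066 status fields does not match any branch name used elsewhere in these records, and it still says "needed" although 2.6.8-sarge-security is marked released (2.6.8-16sarge2). Drop the line or resolve it before retiring, so that tooling reading the status fields does not count the issue as open.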

Deleted: patch-tracking/CVE-2006-1242
===================================================================
--- patch-tracking/CVE-2006-1242	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1242	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,39 +0,0 @@
-Candidate: CVE-2006-1242
-References: 
-http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d
-Description: 
- [TCP]: Do not use inet->id of global tcp_socket when sending RST.
- . 
- The problem is in ip_push_pending_frames(), which uses:
- .          if (!df) {
- .                  __ip_select_ident(iph, &rt->u.dst, 0);
- .          } else {
- .                  iph->id = htons(inet->id++);
- .          }
- .
- instead of ip_select_ident().
- .
- Right now I think the code is a nonsense. Most likely, I copied it from
- old ip_build_xmit(), where it was really special, we had to decide
- whether to generate unique ID when generating the first (well, the last)
- fragment.
- .
- In ip_push_pending_frames() it does not make sense, it should use plain
- ip_select_ident() instead.
-Notes: 
- jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before
- jmm> marking it N/A
- .
- dannf> troyh gave me a patch for 2.4, so I guess it is affected
-Bugs: 
-upstream: released (2.6.16.1)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-4)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-1342
===================================================================
--- patch-tracking/CVE-2006-1342	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1342	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2006-1342
-References: 
- http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
- http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
-Description:
- net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero
- before returning IPv4 socket names from the (1) getsockname, (2) getpeername,
- and (3) accept functions, which allows local users to obtain portions of
- potentially sensitive memory.
-Notes: 
- jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed
- dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch;
-        however we actually coincidentally already fixed 1343 in the
-        043_ipsec.diff patch
-Bugs: 
-upstream: released (2.4.33-pre3)
-linux-2.6.16: 
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-1)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
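
Review bot: The jmm note in CVE-2006-1342 says "getorigdst() requires the fix in 2.6.8", yet 2.6.8-sarge-security is marked N/A. One of the two is out of date. If the getorigdst() change was shipped for 2.6.8, record the version and patch name; if it was judged unnecessary, say so in Notes. The 2.4.27-sarge-security entry, released (2.4.27-1), also names no patch, and the dannf note only ties 043_ipsec.diff to CVE-2006-1343, so state which patch closed 1342.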

Deleted: patch-tracking/CVE-2006-1368
===================================================================
--- patch-tracking/CVE-2006-1368	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1368	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2006-1368
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
-Description: 
- Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before
- 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory
- corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes
- memory to be allocated for the reply data but not the reply structure.
-Notes: 
- dannf> Marcelo has posted a patch identical to ours and has asked for
-        feedback, so it should be upstream soon
-Bugs: 
-upstream: released (2.6.16) 
-linux-2.6.16: 
-linux-2.6: released (2.6.16-1)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-1522
===================================================================
--- patch-tracking/CVE-2006-1522	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1522	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,17 +0,0 @@
-Candidate: CVE-2006-1522
-References: 
-Description: 
-Notes:
- jmm> Vulnerable code not present in 2.6.8 and 2.4
-Bugs: 
-upstream: released (2.6.16.3)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-7)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1523
===================================================================
--- patch-tracking/CVE-2006-1523	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1523	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2006-1523
-References: 
- MLIST:[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114476543426600&w=2
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604
- BID:17640
- URL:http://www.securityfocus.com/bid/17640 
-Description: 
- The __group_complete_signal function in the RCU signal handling (signal.c) in
- Linux kernel 2.6.16, and possibly other versions, has unknown impact and
- attack vectors related to improper use of BUG_ON.
-Notes: 
-Bugs: 
-upstream: released (2.6.16.4)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-7)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1524
===================================================================
--- patch-tracking/CVE-2006-1524	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1524	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,29 +0,0 @@
-Candidate: CVE-2006-1524
-References: 
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
- BID:17587
- URL:http://www.securityfocus.com/bid/17587
- SECUNIA:19664
- URL:http://secunia.com/advisories/19664
- SECUNIA:19657
- URL:http://secunia.com/advisories/19657 
-Description: 
- madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow
- file and mmap restrictions, which allows local users to bypass IPC
- permissions and replace portions of readonly tmpfs files with zeroes,
- aka the MADV_REMOVE vulnerability. NOTE: this description was
- originally written in a way that combined two separate issues. The
- mprotect issue now has a separate name, CVE-2006-2071.
-Notes: 
-Bugs: 
-upstream: released (2.6.16.7)
-linux-2.6.16: 
-linux-2.6:
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-1525
===================================================================
--- patch-tracking/CVE-2006-1525	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1525	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,24 +0,0 @@
-Candidate: CVE-2006-1525
-References: 
- CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189346
- URL:http://www.securityfocus.com/bid/17593
- URL:http://xforce.iss.net/xforce/xfdb/25872 
-Description: 
- ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to
- cause a denial of service (panic) via a request for a route for a multicast
- IP address, which triggers a null dereference.
-Notes: 
- dannf> Submitted to Marcelo for 2.4
-Bugs: 
-upstream: released (2.6.16.8)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-9)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 

Deleted: patch-tracking/CVE-2006-1527
===================================================================
--- patch-tracking/CVE-2006-1527	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1527	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,31 +0,0 @@
-Candidate: CVE-2006-1527
-References: 
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13
- TRUSTIX:2006-0024
- URL:http://www.trustix.org/errata/2006/0024
- BID:17806
- URL:http://www.securityfocus.com/bid/17806
- FRSIRT:ADV-2006-1632
- URL:http://www.frsirt.com/english/advisories/2006/1632
- OSVDB:25229
- URL:http://www.osvdb.org/25229
- SECUNIA:19926
- URL:http://secunia.com/advisories/19926 
-Description: 
- The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of
- service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the
- for_each_sctp_chunk function.
-Notes: 
- troyh> SCTP-netfilter code didn't exist until after 2.6.8
-Bugs: 
-upstream: released (2.6.16.13)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-12)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1857
===================================================================
--- patch-tracking/CVE-2006-1857	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1857	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-1857
-References: 
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a601266e4f3c479790f373c2e3122a766d123652;hp=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512
-Description: 
- Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote
- attackers to cause a denial of service (crash) and possibly execute arbitrary
- code via a malformed HB-ACK chunk.
-Notes: 
- dannf> Submitted to Marcelo for 2.4
-Bugs: 
-upstream: released (2.6.16.17)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-14)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1858
===================================================================
--- patch-tracking/CVE-2006-1858	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1858	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-1858
-References: 
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512;hp=61c9fed41638249f8b6ca5345064eb1beb50179f
-Description: 
- SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a
- denial of service (crash) and possibly execute arbitrary code via a chunk
- length that is inconsistent with the actual length of provided parameters.
-Notes: 
- dannf> Submitted to Marcello for 2.4
-Bugs: 
-upstream: released (2.6.16.17)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-14)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1859
===================================================================
--- patch-tracking/CVE-2006-1859	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1859	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2006-1859
-References: 
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
- http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
- http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
- http://www.securityfocus.com/bid/17943
- http://www.frsirt.com/english/advisories/2006/1767
- http://secunia.com/advisories/20083
-Description:
- lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
- cause a denial of service (fcntl_setlease lockup) via actions that cause 
- lease_init to free a lock that might not have been allocated on the stack.
-Notes: 
- jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
-Bugs: 
-upstream: released (2.6.16.6)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-8)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1860
===================================================================
--- patch-tracking/CVE-2006-1860	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1860	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2006-1860
-References: 
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
- http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
- http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
- http://www.securityfocus.com/bid/17943
- http://www.frsirt.com/english/advisories/2006/1767
- http://secunia.com/advisories/20083
-Description:
- lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
- cause a denial of service (fcntl_setlease lockup) via actions that cause 
- lease_init to free a lock that might not have been allocated on the stack.
-Notes: 
- jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
-Bugs: 
-upstream: released (2.6.16.6)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-8)
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1863
===================================================================
--- patch-tracking/CVE-2006-1863	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1863	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,18 +0,0 @@
-Candidate: CVE-2006-1863
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253
-Description: cifs chroot escape 
-Notes: 
- jmm> 2.4 doesn't have CIFS
-Bugs: 
-upstream: released (2.6.16.11)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-10)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-1864
===================================================================
--- patch-tracking/CVE-2006-1864	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-1864	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-1864
-References: 
- CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435
- URL:http://www.trustix.org/errata/2006/0026
- URL:http://www.securityfocus.com/bid/17735
-Description: 
- Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows
- local users to escape chroot restrictions for an SMB-mounted filesystem via
- "..\\" sequences, a similar vulnerability to CVE-2006-1863.
-Notes: 
-Bugs: 
-upstream: pending (2.4.33-pre4), released (2.6.16.14)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-10)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
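
Review bot: all six woody fields at the end of this entry are blank, so the record never says whether those trees are affected. The entry itself shows the 2.4 series is in scope ("upstream: pending (2.4.33-pre4)" and a released fix for 2.4.27-sarge-security), so blank is not equivalent to N/A here. Suggest setting each woody field to an explicit status, or adding a Notes line explaining why woody was not evaluated, before the file is removed from the active list. "Notes:" is also empty.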

Deleted: patch-tracking/CVE-2006-2271
===================================================================
--- patch-tracking/CVE-2006-2271	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-2271	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,28 +0,0 @@
-Candidate: CVE-2006-2271
-References: 
- FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16
- URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
- MISC:http://labs.musecurity.com/advisories/MU-200605-01.txt
- CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
- FRSIRT:ADV-2006-1734
- URL:http://www.frsirt.com/english/advisories/2006/1734
- SECUNIA:19990
- URL:http://secunia.com/advisories/19990 
-Description:
- The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote
- attackers to cause a denial of service (kernel panic) via an unexpected chunk
- when the session is in CLOSED state.
-Notes: 
- dannf> Forwarded to Marcelo for 2.4 inclusion
-Bugs: 
-upstream: released (2.6.16.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
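
Review bot: the "upstream:" line records only 2.6.16.15, although the Notes line says the fix was forwarded to Marcelo for 2.4 and 2.4.27-sarge-security carries a released fix. Suggest recording the upstream 2.4 state (pending or released, with version) the way the CVE-2006-1864 entry does, so the file documents whether the forward was ever merged. It would also help to say in Notes why the woody 2.4 trees are N/A while 2.4.27 needed a fix. The same gap appears in the CVE-2006-2272 and CVE-2006-2274 entries that follow.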

Deleted: patch-tracking/CVE-2006-2272
===================================================================
--- patch-tracking/CVE-2006-2272	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-2272	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,23 +0,0 @@
-Candidate: CVE-2006-2272
-References: 
- CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
- URL:http://www.securityfocus.com/bid/17910
- URL:http://xforce.iss.net/xforce/xfdb/26431 
-Description: 
- Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
- of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2)
- HEARTBEAT SCTP control chunks.
-Notes: 
- dannf> Submitted to Marcelo for inclusion in 2.4
-Bugs: 
-upstream: released (2.6.16.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-2274
===================================================================
--- patch-tracking/CVE-2006-2274	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-2274	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,26 +0,0 @@
-Candidate: CVE-2006-2274
-References: 
- CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
- URL:http://www.securityfocus.com/bid/17955
- URL:http://secunia.com/advisories/20237
- URL:http://xforce.iss.net/xforce/xfdb/26432 
-Description: 
- Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
- of service (infinite recursion and crash) via a packet that contains two or
- more DATA fragments, which causes an skb pointer to refer back to itself when
- the full message is reassembled, leading to infinite recursion in the
- sctp_skb_pull function.
-Notes: 
- dannf> Submitted to Marcelo for 2.4
-Bugs: 
-upstream: released (2.6.16.15)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security: released (2.6.8-16sarge3)
-2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A

Deleted: patch-tracking/CVE-2006-2451
===================================================================
--- patch-tracking/CVE-2006-2451	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-2451	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,16 +0,0 @@
-Candidate: CVE-2006-2451
-References: 
-Description: 
- The suid_dumpable support in Linux kernel 2.6.13 up to versions before
- 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial
- of service (disk consumption) and possibly gain privileges via the
- PR_SET_DUMPABLE argument of the prctl function and a program that causes a
- core dump file to be created in a directory for which the user does not have
- permissions.
-Notes: 
-Bugs: 
-upstream: released (2.6.16.14), released (2.6.17.4)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-17)
-2.6.8-sarge-security: N/A 
-2.4.27-sarge-security: N/A
\ No newline at end of file
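
Review bot: the "upstream: released (2.6.16.14), released (2.6.17.4)" line does not match the Description, which gives 2.6.16.24 as the first fixed 2.6.16.y release. One of the two is wrong, most likely the upstream field. Beyond that, "References:" is empty for an issue described as a possible privilege escalation, the woody fields present in the other entries are missing entirely, and the file has no trailing newline. Suggest fixing the version, adding at least the upstream commit or advisory reference, and ending the file with a newline.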

Deleted: patch-tracking/CVE-2006-3626
===================================================================
--- patch-tracking/CVE-2006-3626	2006-08-14 02:18:53 UTC (rev 531)
+++ patch-tracking/CVE-2006-3626	2006-08-14 02:24:50 UTC (rev 532)
@@ -1,15 +0,0 @@
-Candidate: CVE-2006-3626
-References:
- FULLDISC:20060714, http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3
-Description: Linux kernel 0day - dynamite inside, don't burn your fingers
- Race condition in Linux kernel 2.6.17.4 and earlier allows local users
- to gain root privileges by using prctl with PR_SET_DUMPABLE in a way
- that causes /proc/self/environ to become setuid root. 
-Notes: 
-Bugs: 
-upstream: released (2.6.16.25, 2.6.17.5)
-linux-2.6.16: 
-linux-2.6: released (2.6.16-17, 2.6.17-4)
-2.6.8-sarge-security: released (2.6.8-16sarge4)
-2.4.27-sarge-security: N/A
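
Review bot: the text on the "Description:" line itself ("Linux kernel 0day - dynamite inside, don't burn your fingers") reads as the title of the full-disclosure post listed under References, not as a description of the flaw. Suggest moving it to the FULLDISC reference line and letting the Description start with "Race condition in ...". The upstream field also uses "released (2.6.16.25, 2.6.17.5)" where the CVE-2006-2451 entry writes "released (...), released (...)"; picking one form keeps the files easy to parse. The woody fields are absent here as well.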

Copied: patch-tracking/retired/CVE-2002-0429 (from rev 520, patch-tracking/CVE-2002-0429)
===================================================================
--- patch-tracking/CVE-2002-0429	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2002-0429	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2002-0429
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3dd4f4b1MbvSSVddY8E_Yx0bGPux8w?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/entry.S
+ BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
+ CONFIRM:http://www.openwall.com/linux/
+ DEBIAN:DSA-311
+ DEBIAN:DSA-312
+ DEBIAN:DSA-332
+ DEBIAN:DSA-336
+ DEBIAN:DSA-442
+ REDHAT:RHSA-2002:158
+ BID:4259
+ XF:linux-ibcs-lcall-process(8420)
+Description: 
+ The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local
+ users to kill arbitrary processes via a a binary compatibility interface (lcall).
+Notes: 
+Bugs: 
+upstream: released (2.4.20)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-6)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: released (62.4)
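
Review bot: the second Description line has a doubled article, "via a a binary compatibility interface (lcall)". Since the file is being copied rather than edited, this is a cheap moment to fix it. Also note this entry carries a "2.4.18-woody-security-hppa:" field that several other entries in this commit lack, so the set of tracked trees is not uniform across the retired files.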

Copied: patch-tracking/retired/CVE-2003-0001 (from rev 520, patch-tracking/CVE-2003-0001)
===================================================================
--- patch-tracking/CVE-2003-0001	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0001	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,38 @@
+Candidate: CVE-2003-0001
+References: 
+ ATSTAKE:A010603-1
+ URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
+ BUGTRAQ:20030110 More information regarding Etherleak
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
+ VULNWATCH:20030110 More information regarding Etherleak
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
+ MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
+ CERT-VN:VU#412115
+ URL:http://www.kb.cert.org/vuls/id/412115
+ REDHAT:RHSA-2003:025
+ URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
+ OVAL:OVAL2665
+ URL:http://oval.mitre.org/oval/definitions/data/oval2665.html
+Description: 
+ Multiple ethernet Network Interface Card (NIC) device drivers do not pad
+ frames with null bytes, which allows remote attackers to obtain information
+ from previous packets or kernel memory by using malformed packets, as
+ demonstrated by Etherleak.
+Notes: 
+ dannf> A number of drivers had to be fixed, but when looking to see where this
+ dannf> patch had been applied, I just tracked the de600.c file changes.  My
+ dannf> assumption is that all of the other drivers got fixed at the same time.
+ .
+ dannf> I've e-mailed the security team + mdz, asking for a patch
+Bugs: 
+upstream: released (2.4.21-pre4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: needed
+2.4.18-woody-security: released (2.4.18-7)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: needed
+2.4.17-woody-security-hppa: needed
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: 
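
Review bot: this entry is being copied to retired/ while four trees are still marked "needed" (2.4.19-woody-security, 2.4.16-woody-security, 2.4.17-woody-security-hppa, 2.4.17-woody-security-ia64) and "2.4.18-woody-security-hppa:" is blank. The Notes also record that the fix status rests on an assumption drawn from de600.c alone and that a patch was requested by e-mail, with no outcome written down. If the issue is being retired because woody is no longer supported, please say so in Notes and change the "needed" fields to a status that reflects that; otherwise the entry should stay in the active directory.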

Copied: patch-tracking/retired/CVE-2003-0018 (from rev 520, patch-tracking/CVE-2003-0018)
===================================================================
--- patch-tracking/CVE-2003-0018	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0018	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,38 @@
+Candidate: CVE-2003-0018
+References: 
+ DEBIAN:DSA-358
+ DEBIAN:DSA-423
+ MANDRAKE:MDKSA-2003:014
+ REDHAT:RHSA-2003:025
+ BID:6763
+ XF:linux-odirect-information-leak(11249)
+Description: 
+ Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
+ O_DIRECT feature, which allows local attackers with write privileges to
+ read portions of previously deleted files, or cause file system
+ corruption.
+Notes: 
+ dannf> It looks like the fix that was used in woody is to diable
+ dannf> O_DIRECT.  Is this the upstream fix?
+ dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3da0af3a87N78_-K9uAzGF_5cLsRkA?nav=index.html|tags|ChangeSet@..1.717.1.11
+ dannf> I've asked hch via e-mail
+ .
+ dannf> and here's his response:
+ .
+ The big O_DIRECT issues we had a while ago involved redoing large parts of
+ the locking so it's definitily not the patch above.  It was fixed in 2.4.2x
+ for x = 2 or 3 IIRC.  The 2.5.27 kernels in sarge ff are definitly okay.
+ .
+ dannf> Therefore, I'm marking >= sarge kernels N/A
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
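
Review bot: "upstream:" is blank even though the quoted reply in Notes places the fix in "2.4.2x for x = 2 or 3". Suggest recording that as the upstream status, marked as approximate, so the field is not left empty in a retired file. Two wording points in Notes: "diable" should be "disable", and the quoted "2.5.27 kernels in sarge" does not match any tracked tree (the sarge fields here are 2.6.8 and 2.4.27), so it is worth confirming with the person quoted whether 2.4.27 was meant, since the N/A marking for sarge depends on it.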

Copied: patch-tracking/retired/CVE-2003-0127 (from rev 520, patch-tracking/CVE-2003-0127)
===================================================================
--- patch-tracking/CVE-2003-0127	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0127	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,62 @@
+Candidate: CVE-2003-0127
+References: 
+ VULNWATCH:20030317 Fwd: Ptrace hole / Linux 2.2.25
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
+ REDHAT:RHSA-2003:098
+ URL:http://rhn.redhat.com/errata/RHSA-2003-098.html
+ REDHAT:RHSA-2003:088
+ URL:http://rhn.redhat.com/errata/RHSA-2003-088.html
+ SUSE:SuSE-SA:2003:021
+ ENGARDE:ESA-20030318-009
+ DEBIAN:DSA-270
+ URL:http://www.debian.org/security/2003/dsa-270
+ DEBIAN:DSA-276
+ URL:http://www.debian.org/security/2003/dsa-276
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ DEBIAN:DSA-495
+ URL:http://www.debian.org/security/2004/dsa-495
+ MANDRAKE:MDKSA-2003:038
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:038
+ MANDRAKE:MDKSA-2003:039
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
+ CALDERA:CSSA-2003-020.0
+ URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ REDHAT:RHSA-2003:145
+ URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
+ GENTOO:GLSA-200303-17
+ URL:http://security.gentoo.org/glsa/glsa-200303-17.xml
+ CERT-VN:VU#628849
+ URL:http://www.kb.cert.org/vuls/id/628849
+ OVAL:OVAL254
+ URL:http://oval.mitre.org/oval/definitions/data/oval254.html
+Description: 
+ The kernel module loader in Linux kernel 2.2.x before 2.2.25, and
+ 2.4.x before 2.4.21, allows local users to gain root privileges by
+ using ptrace to attach to a child process that is spawned by the
+ kernel.
+Notes: 
+ Changeset comments say "Linux 2.5 is not believed to be vulnerable.",
+ so marking this issue as N/A for 2.6.
+Bugs: 
+upstream: released (2.4.21-pre6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-7)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0187 (from rev 520, patch-tracking/CVE-2003-0187)
===================================================================
--- patch-tracking/CVE-2003-0187	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0187	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0187
+References: 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
+ http://oval.mitre.org/oval/definitions/data/oval260.html
+Description: 
+ The connection tracking core of Netfilter for Linux 2.4.20, with
+ CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
+ attackers to cause a denial of service (resource consumption) due to an
+ inconsistency with Linux 2.4.20's support of linked lists, which causes
+ Netfilter to fail to identify connections with an UNCONFIRMED status and
+ use large timeouts.
+Notes: 
+ This was fixed before 2.6.0:
+  http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h
+Bugs: 
+upstream: released (2.4.21)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2003-0244 (from rev 520, patch-tracking/CVE-2003-0244)
===================================================================
--- patch-tracking/CVE-2003-0244	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0244	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,50 @@
+Candidate: CVE-2003-0244
+References: 
+ VULNWATCH:20030517 Algorithmic Complexity Attacks and the Linux Networking Code
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
+ MISC:http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
+ MISC:http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
+ REDHAT:RHSA-2003:145
+ URL:http://www.redhat.com/support/errata/RHSA-2003-145.html
+ REDHAT:RHSA-2003:147
+ URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
+ REDHAT:RHSA-2003:172
+ URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ BUGTRAQ:20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
+ OVAL:OVAL261
+ URL:http://oval.mitre.org/oval/definitions/data/oval261.html
+Description: 
+ The route cache implementation in Linux 2.4, and the Netfilter IP conntrack
+ module, allows remote attackers to cause a denial of service (CPU consumption)
+ via packets with forged source addresses that cause a large number of hash
+ table collisions.
+Notes: 
+Bugs: 
+upstream: released (2.4.21-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released
+2.4.18-woody-security: released (2.4.18-8)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
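
Review bot: "2.4.19-woody-security: released" gives no package version, unlike every other released field in this entry. Suggest adding the version in parentheses so the fix can be traced to an upload. "Notes:" is empty, so there is also no pointer to the patch that was applied.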

Copied: patch-tracking/retired/CVE-2003-0246 (from rev 520, patch-tracking/CVE-2003-0246)
===================================================================
--- patch-tracking/CVE-2003-0246	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0246	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,50 @@
+Candidate: CVE-2003-0246
+References: 
+ REDHAT:RHSA-2003:172
+ URL:http://www.redhat.com/support/errata/RHSA-2003-172.html
+ REDHAT:RHSA-2003:147
+ URL:http://www.redhat.com/support/errata/RHSA-2003-147.html
+ ENGARDE:ESA-20030515-017
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ VULNWATCH:20030520 Linux 2.4 kernel ioperm vuln
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
+ OVAL:OVAL278
+ URL:http://oval.mitre.org/oval/definitions/data/oval278.html
+Description: 
+ The ioperm system call in Linux kernel 2.4.20 and earlier does not properly
+ restrict privileges, which allows local users to gain read or write access to
+ certain I/O ports.
+Notes: 
+ It looks like the patch originally included in woody was just a one line
+ change; whereas there were two larger patches that went upstream.  I'm
+ moving our trees forward to the upstream one.
+ .
+ Patch is x86 only.
+Bugs: 
+upstream: released (2.4.21-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: pending (2.4.18-14.5)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: N/A
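
Review bot: "2.4.18-woody-security: pending (2.4.18-14.5)" means this entry is being retired with one tree not yet released. Please either confirm the upload happened and change the field to released, or keep the file in the active directory until it does. The Notes say the trees are being moved from the one-line woody patch to the two upstream patches but give no changeset URLs, and the paragraphs carry no author prefix, so it is not clear who made that decision.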

Copied: patch-tracking/retired/CVE-2003-0247 (from rev 520, patch-tracking/CVE-2003-0247)
===================================================================
--- patch-tracking/CVE-2003-0247	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0247	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,42 @@
+Candidate: CVE-2003-0247
+References: 
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL284
+ URL:http://oval.mitre.org/oval/definitions/data/oval284.html
+Description: 
+ Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows
+ attackers to cause a denial of service ("kernel oops").
+Notes: 
+Bugs: 
+upstream: released (2.4.21-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0248 (from rev 520, patch-tracking/CVE-2003-0248)
===================================================================
--- patch-tracking/CVE-2003-0248	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0248	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,42 @@
+Candidate: CVE-2003-0248
+References: 
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ MANDRAKE:MDKSA-2003:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:066
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL292
+ URL:http://oval.mitre.org/oval/definitions/data/oval292.html
+Description: 
+ The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state
+ registers via a malformed address.
+Notes: 
+ dannf> I think this is the patch:
+ dannf> http://linux.bkbits.net:8080/linux-2.4/cset@3f293760h0HL1XxaPHNYxPXmpO1k8g?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/i387.c
+Bugs: 
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2003-0364 (from rev 520, patch-tracking/CVE-2003-0364)
===================================================================
--- patch-tracking/CVE-2003-0364	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0364	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,40 @@
+Candidate: CVE-2003-0364
+References: 
+ REDHAT:RHSA-2003:187
+ URL:http://www.redhat.com/support/errata/RHSA-2003-187.html
+ REDHAT:RHSA-2003:195
+ URL:http://www.redhat.com/support/errata/RHSA-2003-195.html
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ DEBIAN:DSA-311
+ URL:http://www.debian.org/security/2003/dsa-311
+ DEBIAN:DSA-312
+ URL:http://www.debian.org/security/2003/dsa-312
+ DEBIAN:DSA-332
+ URL:http://www.debian.org/security/2003/dsa-332
+ DEBIAN:DSA-336
+ URL:http://www.debian.org/security/2003/dsa-336
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ TURBO:TLSA-2003-41
+ URL:http://www.turbolinux.com/security/TLSA-2003-41.txt
+ OVAL:OVAL295
+ URL:http://oval.mitre.org/oval/definitions/data/oval295.html
+Description: 
+ The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote
+ attackers to cause a denial of service (CPU consumption) via certain packets that
+ cause a large number of hash table collisions.
+Notes: 
+Bugs: 
+upstream: released (2.4.21-rc7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.2.20-woody-security: released (2.2.20-5woody2)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-9)
+2.4.17-woody-security: released (2.4.17-1woody1)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0418 (from rev 520, patch-tracking/CVE-2003-0418)
===================================================================
--- patch-tracking/CVE-2003-0418	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0418	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2003-0418
+References: 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105519179005065&w=2
+ http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
+ http://www.kb.cert.org/vuls/id/471084
+Description: 
+ The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP
+ citation, which causes it to include portions of unauthorized memory in ICMP
+ error responses.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2003-0461 (from rev 520, patch-tracking/CVE-2003-0461)
===================================================================
--- patch-tracking/CVE-2003-0461	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0461	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2003-0461
+References: 
+ MISC:http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL304
+ URL:http://oval.mitre.org/oval/definitions/data/oval304.html
+ OVAL:OVAL997
+ URL:http://oval.mitre.org/oval/definitions/data/oval997.html
+ Description: 
+ /proc/tty/driver/serial in Linux 2.4.x reveals the exact number
+ of characters used in serial links, which could allow local users
+ to obtain potentially sensitive information such as the length of
+ passwords.
+Notes: 
+ dannf> Here's the patches I used:
+ http://linux.bkbits.net:8080/linux-2.4/cset@41a6020dX1GoVx_Eydy1jUOqc11tpw?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/proc_tty.c
+ http://linux.bkbits.net:8080/linux-2.4/cset@41aca810DvutJ8aEj43OuUqJ4e1EIw?nav=index.html|src/|src/include|src/include/linux|related/include/linux/proc_fs.h
+Bugs: 
+upstream: released (2.4.29-pre2, 2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1) [025_proc_tty_security.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
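
Review bot: the "Description:" header is added with a leading space (" Description: "), which in this file format makes it look like a continuation line of "References:" and not a field of its own. Any script that splits these files on column-zero field names will fold the description into the reference list. Suggest removing the leading space. The two patch URLs under Notes also lack the "dannf>" prefix that the line introducing them uses.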

Copied: patch-tracking/retired/CVE-2003-0462 (from rev 520, patch-tracking/CVE-2003-0462)
===================================================================
--- patch-tracking/CVE-2003-0462	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0462	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,47 @@
+Candidate: CVE-2003-0462
+References: 
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL309
+ URL:http://oval.mitre.org/oval/definitions/data/oval309.html
+Description: 
+ A race condition in the way env_start and env_end pointers are
+ initialized in the execve system call and used in fs/proc/base.c
+ on Linux 2.4 allows local users to cause a denial of service
+ (crash).
+Notes: 
+ The fix for 2.4 went into a larger patch:
+  http://linux.bkbits.net:8080/linux-2.4/cset@41c68e9bogrpceA9rUJa-xHwBd-P6g?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ However, the patch for 2.6 is much simpler:
+  http://linux.bkbits.net:8080/linux-2.6/cset@3ff1101fZfOZMtqtcvKc_s-agJpLrQ?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
+ Unfortunately, it doesn't apply cleanly to 2.4.  It looks like
+ the fix included in 2.4.18-10 just re-typed len in
+ proc_pid_environ; while in 2.6 len was also retyped in
+ proc_pid_cmdline.  Only the former deals with evn_end/env_start
+ pointers and the latter doesn't apply cleanly to 2.4, so I'm
+ just making the proc_pid_environ change.
+ .
+ hrm.. maybe there was an earlier patch to 2.4; the above 2.4
+ patch didn't go in till 2.4.29, yet it looks like this was
+ already fixed in our 2.4.27 .orig.tar.gz
+ .
+ jmm> I assume this was fixed upstream in 2.4.22-pre10?
+ jmm> o Fix /proc/self security issue
+Bugs: 
+upstream: released (2.6.1), released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)
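Review bot: The upstream: field records "released (2.4.22-pre10)" as settled, but the Notes it rests on are unresolved: one note says the 2.4 patch "didn't go in till 2.4.29", and the 2.4.22-pre10 figure comes only from jmm's question ("I assume this was fixed upstream in 2.4.22-pre10?"). Before retiring, state in Notes which changeset actually fixed 2.4 and drop the open question. Also, "evn_end" in the Notes should read "env_end".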

Copied: patch-tracking/retired/CVE-2003-0464 (from rev 520, patch-tracking/CVE-2003-0464)
===================================================================
--- patch-tracking/CVE-2003-0464	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0464	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2003-0464
+References: 
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://oval.mitre.org/oval/definitions/data/oval311.html
+Description: 
+ The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created,
+ which could allow local users to bind to UDP ports that are used by privileged
+ services such as nfsd.
+Notes: 
+ I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently
+ just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket.
+ Upstream didn't disable it altogether; just for UDP
+  http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c
+ I'm guessing this is a UDP-only problem, so that is probably the fix we want.
+ .
+ This fix was in before 2.6.0.
+Bugs: 
+upstream: released (2.4.22-pre8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
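Review bot: All six woody status fields are left blank, and the 2.4.18-woody-security-hppa line that the other records in this commit carry is missing, so the retired file does not say whether the woody kernels are released, needed or N/A. Give each an explicit status before retiring. The Notes also pick the UDP-only fix on a guess ("I'm guessing this is a UDP-only problem"); a one-line confirmation would help, and "Connectiva" should be spelled "Conectiva".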

Copied: patch-tracking/retired/CVE-2003-0465 (from rev 520, patch-tracking/CVE-2003-0465)
===================================================================
--- patch-tracking/CVE-2003-0465	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0465	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,34 @@
+Candidate: CVE-2003-0465
+References: 
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+Description: 
+ The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
+ the buffer on architectures other than x86, as opposed to the expected
+ behavior of strncpy as implemented in libc, which could lead to
+ information leaks.
+Notes: 
+ 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed.
+ .
+ horms> N.B. This bug appears to be minor at best
+ horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+ .
+ dannf> Since this is minor, I'm gonna consider the existing patch "good enough"
+ dannf> and mark the 2.4 issues as complete.
+ jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5
+ jmm> cycle, so I guess it's pretty safe to make all the 2.6 kernels as fixed
+ jmm> The ramifications are minor anyway
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-8)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: needed
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
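Review bot: 2.4.18-woody-security is still marked "needed" in a file being moved to retired/, which contradicts dannf's note that the 2.4 issues are marked as complete. Either record the release that carries the fix or change the status to reflect the decision not to fix it. The upstream: field is also empty even though jmm's note treats the 2.6 kernels as fixed; record that there, and say in Notes whether leaving mips and alpha unfixed in 2.4.27-8 is accepted as final.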

Copied: patch-tracking/retired/CVE-2003-0467 (from rev 520, patch-tracking/CVE-2003-0467)
===================================================================
--- patch-tracking/CVE-2003-0467	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0467	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0467
+References: 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105985703724758&w=2
+Description: 
+ Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels
+ 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is
+ enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote
+ attackers to cause a denial of service (crash) in systems using NAT, possibly
+ due to an integer signedness error.
+Notes: 
+ http://linux.bkbits.net:8080/linux-2.4/cset@3ea42919d7UMn5WVhEYYcN5hnvM6fA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
+ .
+ Looks like this was fixed before 2.6.0:
+  http://linux.bkbits.net:8080/linux-2.6/cset@3eb76c8aWimEpZAEU5Xbu-LPK-NxeA?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_helper.c
+Bugs: 
+upstream: released (2.4.21-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
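Review bot: The woody fields are blank and there is no 2.4.18-woody-security-hppa line. The Description names 2.4.20 and some 2.5.x as affected, so if the woody kernels (2.4.16 to 2.4.19) are considered unaffected, say so with N/A rather than leaving the fields empty.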

Copied: patch-tracking/retired/CVE-2003-0476 (from rev 520, patch-tracking/CVE-2003-0476)
===================================================================
--- patch-tracking/CVE-2003-0476	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0476	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,37 @@
+Candidate: CVE-2003-0476
+References: 
+ BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
+ MANDRAKE:MDKSA-2003:074
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ REDHAT:RHSA-2003:368
+ URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
+ REDHAT:RHSA-2003:408
+ URL:http://www.redhat.com/support/errata/RHSA-2003-408.html
+ SUSE:SuSE-SA:2003:034
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL327
+ URL:http://oval.mitre.org/oval/definitions/data/oval327.html
+Description: 
+ The execve system call in Linux 2.4.x records the file
+ descriptor of the executable process in the file table of the
+ calling process, which allows local users to gain read access to
+ restricted file descriptors.
+Notes: 
+Bugs: 
+upstream: released (2.4.22-pre4, 2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0501 (from rev 520, patch-tracking/CVE-2003-0501)
===================================================================
--- patch-tracking/CVE-2003-0501	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0501	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2003-0501
+References: 
+ BUGTRAQ:20030620 Linux /proc sensitive information disclosure
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105621758104242
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ SUSE:SuSE-SA:2003:034
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL328
+ URL:http://oval.mitre.org/oval/definitions/data/oval328.html
+Description: 
+ The /proc filesystem in Linux allows local users to obtain
+ sensitive information by opening various entries in /proc/self
+ before executing a setuid program, which causes the program to
+ fail to change the ownership and permissions of those entries.
+Notes: 
+Bugs: 
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0550 (from rev 520, patch-tracking/CVE-2003-0550)
===================================================================
--- patch-tracking/CVE-2003-0550	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0550	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,26 @@
+Candidate: CVE-2003-0550
+References: 
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL380
+ URL:http://oval.mitre.org/oval/definitions/data/oval380.html
+Description: 
+ The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient
+ security by design, which allows attackers to modify the bridge topology.
+Notes: 
+Bugs: 
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0551 (from rev 520, patch-tracking/CVE-2003-0551)
===================================================================
--- patch-tracking/CVE-2003-0551	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0551	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-0551
+References: 
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL384
+ URL:http://oval.mitre.org/oval/definitions/data/oval384.html
+Description: 
+ The STP protocol implementation in Linux 2.4.x does not properly verify
+ certain lengths, which could allow attackers to cause a denial of service.
+Notes: 
+Bugs: 
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0552 (from rev 520, patch-tracking/CVE-2003-0552)
===================================================================
--- patch-tracking/CVE-2003-0552	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0552	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-0552
+References: 
+ REDHAT:RHSA-2003:198
+ URL:http://www.redhat.com/support/errata/RHSA-2003-198.html
+ REDHAT:RHSA-2003:238
+ URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
+ DEBIAN:DSA-358
+ URL:http://www.debian.org/security/2004/dsa-358
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ OVAL:OVAL385
+ URL:http://oval.mitre.org/oval/definitions/data/oval385.html
+Description: 
+ Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table
+ via forged packets whose source addresses are the same as the target.
+Notes: 
+Bugs: 
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-10)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0643 (from rev 520, patch-tracking/CVE-2003-0643)
===================================================================
--- patch-tracking/CVE-2003-0643	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0643	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2003-0643
+References: 
+ http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml
+ http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch
+ http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog
+ http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
+ http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch
+Description:
+ Integer signedness error in the Linux Socket Filter implementation (filter.c)
+ in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of
+ service (crash).
+Notes: 
+ Fixed before 2.6.0:
+  http://linux.bkbits.net:8080/linux-2.4/cset@3f216072qjoeL8BVUjH-swPkd1CRgA?nav=index.html|src/|src/net|src/net/core|related/net/core/filter.c
+Bugs: 
+upstream: released (2.4.22-pre10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
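Review bot: The Description gives the affected range as 2.4.3-pre3 to 2.4.22-pre10, which covers every woody kernel listed, yet all six woody fields are blank and the 2.4.18-woody-security-hppa line is absent. A retired record should show released or needed for each. Minor: the note "Fixed before 2.6.0:" is followed by a linux-2.4 changeset URL, so it reads as if that link were the 2.6 fix; label it as the 2.4 patch, as the CVE-2003-0699 record does.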

Copied: patch-tracking/retired/CVE-2003-0699 (from rev 520, patch-tracking/CVE-2003-0699)
===================================================================
--- patch-tracking/CVE-2003-0699	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0699	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2003-0699
+References: 
+ http://www.redhat.com/support/errata/RHSA-2003-198.html
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://oval.mitre.org/oval/definitions/data/oval387.html
+Description: 
+ The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user
+ function to access userspace, which crosses security boundaries and may
+ facilitate the exploitation of vulnerabilities, a different vulnerability than
+ CVE-2003-0700.
+Notes: 
+ Fixed before 2.6.0.  2.4 patch:
+   http://linux.bkbits.net:8080/linux-2.4/cset@3eb6f77bdzIdwwIbhYPVK6Cu16OhBQ?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
+Bugs: 
+upstream: released (2.4.21-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
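Review bot: The Description says kernels before 2.4.21 are affected, and the woody kernels tracked here are 2.4.16 to 2.4.19, but their status fields are blank and 2.4.18-woody-security-hppa is not listed. Record a status for each before the file is retired.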

Copied: patch-tracking/retired/CVE-2003-0700 (from rev 520, patch-tracking/CVE-2003-0700)
===================================================================
--- patch-tracking/CVE-2003-0700	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0700	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2003-0700
+References: 
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://www.redhat.com/support/errata/RHSA-2004-044.html
+ http://oval.mitre.org/oval/definitions/data/oval401.html
+Description: 
+ The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user
+ function to access userspace in certain conditions, which crosses security
+ boundaries and may facilitate the exploitation of vulnerabilities, a different
+ vulnerability than CVE-2003-0699.
+Notes: 
+ Fixed before 2.6.0.  2.4 patch:
+   http://linux.bkbits.net:8080/linux-2.4/cset@3f0350ec7Wnpix3ihDCUMMnS-czskg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/cmpci.c
+Bugs: 
+upstream: released (2.4.22-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
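Review bot: The blank woody fields need a status here too: the Description puts everything before 2.4.22 in scope, which includes 2.4.16 to 2.4.19, and the 2.4.18-woody-security-hppa line is missing.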

Copied: patch-tracking/retired/CVE-2003-0961 (from rev 520, patch-tracking/CVE-2003-0961)
===================================================================
--- patch-tracking/CVE-2003-0961	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0961	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,67 @@
+Candidate: CVE-2003-0961
+References: 
+ BUGTRAQ:20031204 [iSEC] Linux kernel do_brk() vulnerability details
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2
+ MISC:http://isec.pl/papers/linux_kernel_do_brk.pdf
+ REDHAT:RHSA-2003:368
+ URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
+ REDHAT:RHSA-2003:389
+ URL:http://www.redhat.com/support/errata/RHSA-2003-389.html
+ DEBIAN:DSA-403
+ URL:http://www.debian.org/security/2003/dsa-403
+ DEBIAN:DSA-417
+ URL:http://www.debian.org/security/2004/dsa-417
+ DEBIAN:DSA-423
+ URL:http://www.debian.org/security/2004/dsa-423
+ DEBIAN:DSA-433
+ URL:http://www.debian.org/security/2004/dsa-433
+ DEBIAN:DSA-439
+ URL:http://www.debian.org/security/2004/dsa-439
+ DEBIAN:DSA-440
+ URL:http://www.debian.org/security/2004/dsa-440
+ DEBIAN:DSA-442
+ URL:http://www.debian.org/security/2004/dsa-442
+ DEBIAN:DSA-450
+ URL:http://www.debian.org/security/2004/dsa-450
+ DEBIAN:DSA-470
+ URL:http://www.debian.org/security/2004/dsa-470
+ DEBIAN:DSA-475
+ URL:http://www.debian.org/security/2004/dsa-475
+ MANDRAKE:MDKSA-2003:110
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:110
+ CONECTIVA:CLA-2003:796
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
+ SUSE:SuSE-SA:2003:049
+ URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ BUGTRAQ:20031204 Hot fix for do_brk bug
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
+ CERT-VN:VU#301156
+ URL:http://www.kb.cert.org/vuls/id/301156
+ SECUNIA:10328
+ URL:http://secunia.com/advisories/10328
+ SECUNIA:10329
+ URL:http://secunia.com/advisories/10329
+ SECUNIA:10330
+ URL:http://secunia.com/advisories/10330
+ SECUNIA:10333
+ URL:http://secunia.com/advisories/10333
+ SECUNIA:10338
+ URL:http://secunia.com/advisories/10338
+Description: 
+ Integer overflow in the do_brk function for the brk system call in Linux
+ kernel 2.4.22 and earlier allows local users to gain root privileges.
+Notes: 
+Bugs: 
+upstream: released (2.4.23-pre7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3)
+2.4.17-woody-security-ia64: released (011226.14.1)
+2.4.18-woody-security-hppa: released (62.2)

Copied: patch-tracking/retired/CVE-2003-0984 (from rev 520, patch-tracking/CVE-2003-0984)
===================================================================
--- patch-tracking/CVE-2003-0984	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0984	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,46 @@
+Candidate: CVE-2003-0984
+References: 
+ SUSE:SuSE-SA:2003:049
+ URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ CONECTIVA:CLA-2004:799
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
+ ENGARDE:ESA-20040105-001
+ URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
+ REDHAT:RHSA-2003:417
+ URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+ MANDRAKE:MDKSA-2004:001
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
+ XF:linux-rtc-memory-leak(13943)
+ URL:http://xforce.iss.net/xforce/xfdb/13943
+ OVAL:OVAL1013
+ URL:http://oval.mitre.org/oval/definitions/data/oval1013.html
+ OVAL:OVAL859
+ URL:http://oval.mitre.org/oval/definitions/data/oval859.html
+Description: 
+ Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not
+ properly initialize their structures, which could leak kernel data to user
+ space.
+Notes: 
+ backport from dilinger; though it isn't quite what appears to have gone
+ upstream:
+   http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
+  http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c
+ jmm> This was fixed upstream in 2.4.24-rc1:
+ jmm> | <trini:mvista.com>:
+ jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users
+Bugs: 
+upstream: released (2.4.24-rc1, 2.6.2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2003-0985 (from rev 520, patch-tracking/CVE-2003-0985)
===================================================================
--- patch-tracking/CVE-2003-0985	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-0985	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,54 @@
+Candidate: CVE-2003-0985
+References: 
+ BUGTRAQ:20040105 Linux kernel mremap vulnerability
+ MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
+ BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
+ BUGTRAQ:20040106 Linux mremap bug correction
+ DEBIAN:DSA-423
+ DEBIAN:DSA-450
+ SUSE:SuSE-SA:2004:001
+ SUSE:SuSE-SA:2004:003
+ CONECTIVA:CLA-2004:799
+ ENGARDE:ESA-20040105-001
+ REDHAT:RHSA-2003:416
+ REDHAT:RHSA-2003:417
+ REDHAT:RHSA-2003:418
+ REDHAT:RHSA-2003:419
+ DEBIAN:DSA-413
+ DEBIAN:DSA-417
+ DEBIAN:DSA-427
+ DEBIAN:DSA-439
+ DEBIAN:DSA-440
+ DEBIAN:DSA-442
+ DEBIAN:DSA-470
+ DEBIAN:DSA-475
+ IMMUNIX:IMNX-2004-73-001-01
+ MANDRAKE:MDKSA-2004:001
+ SGI:20040102-01-U
+ TRUSTIX:2004-0001
+ BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
+ BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
+ BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
+ XF:linux-domremap-gain-privileges(14135)
+ OSVDB:3315
+ OVAL:OVAL860
+ OVAL:OVAL867
+Description: 
+ The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21
+ does not properly perform bounds checks, which allows local users to
+ cause a denial of service and possibly gain privileges by causing a
+ remapping of a virtual memory area (VMA) to create a zero length VMA,
+ a different vulnerability than CAN-2004-0077.
+Notes: 
+Bugs: 
+upstream: released (2.4.24-rc1), released (2.6.1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14.1)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3, 62.3)
+2.4.17-woody-security-ia64: released (011226.15)
+2.4.18-woody-security-hppa: released (62.2)
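Review bot: The Description says the flaw affects 2.4.x before 2.4.21, but upstream: lists the 2.4 fix as 2.4.24-rc1, and Notes is empty, so nothing reconciles the two version bounds. Add a note saying which is right. In the status block, 2.4.17-woody-security-hppa lists "32.3, 62.3" while 2.4.18-woody-security-hppa lists 62.2; in records such as CVE-2003-0961 the 2.4.17-hppa line carries only a 32.x version and 62.x belongs to 2.4.18-hppa, so 62.3 looks misplaced and the two lines disagree on which 62.x upload carries the fix.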

Copied: patch-tracking/retired/CVE-2003-1040 (from rev 520, patch-tracking/CVE-2003-1040)
===================================================================
--- patch-tracking/CVE-2003-1040	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2003-1040	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2003-1040
+References: 
+ ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc
+ http://www.novell.com/linux/security/advisories/2003_049_kernel.html
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
+ http://www.redhat.com/support/errata/RHSA-2004-065.html
+ http://www.redhat.com/support/errata/RHSA-2004-069.html
+ http://www.redhat.com/support/errata/RHSA-2004-106.html
+ http://www.redhat.com/support/errata/RHSA-2004-188.html
+ http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c
+ http://xforce.iss.net/xforce/xfdb/15577
+Description: 
+ kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which
+ allows local users to cause a denial of service (crash) by sending certain
+ signals to kmod.
+Notes: 
+ fixed before 2.6 released
+Bugs: 
+upstream: released (2.4.23)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: needed
+2.4.18-woody-security: needed
+2.4.17-woody-security: needed
+2.4.16-woody-security: needed
+2.4.17-woody-security-hppa: needed
+2.4.17-woody-security-ia64: needed
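Review bot: Every woody field is marked "needed", which is an open status, yet the file is being copied into retired/. Either the fix was never shipped for woody and Notes should say why the record is being closed anyway, or the statuses are stale and should be updated. The 2.4.18-woody-security-hppa line is also missing.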

Copied: patch-tracking/retired/CVE-2004-0003 (from rev 520, patch-tracking/CVE-2004-0003)
===================================================================
--- patch-tracking/CVE-2004-0003	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0003	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,89 @@
+Candidate: CVE-2004-0003
+References: 
+ CONFIRM:http://www.linuxcompatible.org/print25630.html
+ DEBIAN:DSA-479
+ URL:http://www.debian.org/security/2004/dsa-479
+ DEBIAN:DSA-480
+ URL:http://www.debian.org/security/2004/dsa-480
+ DEBIAN:DSA-481
+ URL:http://www.debian.org/security/2004/dsa-481
+ DEBIAN:DSA-482
+ URL:http://www.debian.org/security/2004/dsa-482
+ DEBIAN:DSA-489
+ URL:http://www.debian.org/security/2004/dsa-489
+ DEBIAN:DSA-491
+ URL:http://www.debian.org/security/2004/dsa-491
+ DEBIAN:DSA-495
+ URL:http://www.debian.org/security/2004/dsa-495
+ MANDRAKE:MDKSA-2004:029
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
+ REDHAT:RHSA-2004:044
+ URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
+ REDHAT:RHSA-2004:065
+ URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
+ REDHAT:RHSA-2004:106
+ URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
+ REDHAT:RHSA-2004:166
+ URL:http://www.redhat.com/support/errata/RHSA-2004-166.html
+ SUSE:SuSE-SA:2004:005
+ URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
+ TURBO:TLSA-2004-14
+ URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ CIAC:O-082
+ URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
+ CIAC:O-121
+ URL:http://www.ciac.org/ciac/bulletins/o-121.shtml
+ CIAC:O-126
+ URL:http://www.ciac.org/ciac/bulletins/o-126.shtml
+ CIAC:O-127
+ URL:http://www.ciac.org/ciac/bulletins/o-127.shtml
+ CIAC:O-145
+ URL:http://www.ciac.org/ciac/bulletins/o-145.shtml
+ BID:9570
+ URL:http://www.securityfocus.com/bid/9570
+ SECUNIA:10782
+ URL:http://secunia.com/advisories/10782
+ SECUNIA:10911
+ URL:http://secunia.com/advisories/10911
+ SECUNIA:10912
+ URL:http://secunia.com/advisories/10912
+ SECUNIA:11202
+ URL:http://secunia.com/advisories/11202
+ SECUNIA:11361
+ URL:http://secunia.com/advisories/11361
+ SECUNIA:11362
+ URL:http://secunia.com/advisories/11362
+ SECUNIA:11369
+ URL:http://secunia.com/advisories/11369
+ SECUNIA:11370
+ URL:http://secunia.com/advisories/11370
+ SECUNIA:11376
+ URL:http://secunia.com/advisories/11376
+ SECUNIA:11464
+ URL:http://secunia.com/advisories/11464
+ SECUNIA:11891
+ URL:http://secunia.com/advisories/11891
+ SECUNIA:12075
+ URL:http://secunia.com/advisories/12075
+ OVAL:OVAL1017
+ URL:http://oval.mitre.org/oval/definitions/data/oval1017.html
+ OVAL:OVAL834
+ URL:http://oval.mitre.org/oval/definitions/data/oval834.html
+ XF:linux-r128-gain-priviliges(15029)
+ URL:http://xforce.iss.net/xforce/xfdb/15029 
+Description: 
+ Unknown vulnerability in Linux kernel before 2.4.22 allows local users to
+ gain privileges, related to "R128 DRI limits checking."
+Notes: 
+Bugs: 
+upstream: released (2.4.26-rc4, 2.6.4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
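Review bot: The Description bounds the issue at "before 2.4.22" while upstream: records the 2.4 fix in 2.4.26-rc4, and Notes is empty, so nothing explains the gap. Add a note reconciling the two. 2.4.17-woody-security-hppa also lists 62.3, the same version given for 2.4.18-woody-security-hppa on the last line; check that it belongs on both.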

Copied: patch-tracking/retired/CVE-2004-0010 (from rev 520, patch-tracking/CVE-2004-0010)
===================================================================
--- patch-tracking/CVE-2004-0010	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0010	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,16 @@
+Candidate: CVE-2004-0010
+References: 
+Description: 
+Notes: 
+Bugs: 
+upstream: released (2.4.25-pre7), released (2.6.3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
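Review bot: References and Description are both empty, so the retired record identifies the issue only by its CVE number and gives a reader no way to check that the listed releases fix the right thing. Fill in at least the Description and one reference before retiring.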

Copied: patch-tracking/retired/CVE-2004-0077 (from rev 520, patch-tracking/CVE-2004-0077)
===================================================================
--- patch-tracking/CVE-2004-0077	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0077	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,57 @@
+Candidate: CVE-2004-0077
+References: 
+ BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
+ VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
+ MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
+ CONECTIVA:CLA-2004:820
+ DEBIAN:DSA-438
+ DEBIAN:DSA-439
+ DEBIAN:DSA-440
+ DEBIAN:DSA-441
+ DEBIAN:DSA-442
+ DEBIAN:DSA-444
+ DEBIAN:DSA-450
+ DEBIAN:DSA-453
+ DEBIAN:DSA-454
+ DEBIAN:DSA-456
+ DEBIAN:DSA-466
+ DEBIAN:DSA-470
+ DEBIAN:DSA-514
+ DEBIAN:DSA-475
+ REDHAT:RHSA-2004:065
+ REDHAT:RHSA-2004:066
+ REDHAT:RHSA-2004:069
+ REDHAT:RHSA-2004:106
+ SLACKWARE:SSA:2004-049
+ SUSE:SuSE-SA:2004:005
+ TRUSTIX:2004-0007
+ TRUSTIX:2004-0008
+ GENTOO:GLSA-200403-02
+ CERT-VN:VU#981222
+ XF:linux-mremap-gain-privileges(15244)
+ BID:9686
+ OSVDB:3986
+ OVAL:OVAL825
+ OVAL:OVAL837 
+Description: 
+ The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4
+ to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the
+ do_munmap function when the maximum number of VMA descriptors is exceeded,
+ which allows local users to gain root privileges, a different vulnerability
+ than CAN-2003-0985.
+Notes: 
+ dannf> we think these are the patches:
+  2.6: http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=59287e5eef8d33dcd842852a898b43a81fe0b2c2
+  2.4: http://linux.bkbits.net:8080/linux-2.4/cset@40327d9fxQLz7BU9yAATPsFlWiSG0A?nav=index.html|src/|src/mm|related/mm/mremap.c
+Bugs: 
+upstream: released (2.4.25-rc4, 2.6.3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody1)
+2.4.18-woody-security: released (2.4.18-14.2)
+2.4.17-woody-security: released (2.4.17-1woody2)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.3, 62.3)
+2.4.17-woody-security-ia64: released (011226.16)
+2.4.18-woody-security-hppa: released (62.2)
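Review bot: The two hppa status lines disagree on the 62.x version: "2.4.17-woody-security-hppa: released (32.3, 62.3)" against "2.4.18-woody-security-hppa: released (62.2)". Confirm which upload carried the fix before the entry is retired. The Notes also still read "we think these are the patches"; if the 2.6 and 2.4 changesets were confirmed, say so.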

Copied: patch-tracking/retired/CVE-2004-0109 (from rev 520, patch-tracking/CVE-2004-0109)
===================================================================
--- patch-tracking/CVE-2004-0109	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0109	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,16 @@
+Candidate: 
+References: 
+Description: 
+Notes: 
+Bugs: 
+upstream: released (2.4.26-rc4), released (2.6.6)
+linux-2.6: N/A 
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
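Review bot: "Candidate:" is empty in a file named CVE-2004-0109, and References, Description and Notes are empty as well, so the retired record lists fix versions for an issue it never identifies. Fill in at least the candidate id and a one-line description. The upstream line also uses "released (2.4.26-rc4), released (2.6.6)" where other entries in this commit use a single "released (a, b)" list.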

Copied: patch-tracking/retired/CVE-2004-0133 (from rev 520, patch-tracking/CVE-2004-0133)
===================================================================
--- patch-tracking/CVE-2004-0133	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0133	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2004-0133
+References:
+ http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
+ http://www.securityfocus.com/bid/10151
+ http://secunia.com/advisories/11362
+ http://xforce.iss.net/xforce/xfdb/15901
+Description:
+ The XFS file system code in Linux 2.4.x has an information leak in which
+ in-memory data is written to the device for the XFS file system, which
+ allows local users to obtain sensitive information by reading the raw device.
+Notes: 
+ jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25
+ dannf> I never did find the actual patch - upstream fixed versions are
+ dannf> based on the securityfocus page above.
+Bugs: 
+upstream: released (2.4.26-rc2, 2.6.5) 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
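Review bot: The status block stops at 2.4.17-woody-security-ia64 and has no "2.4.18-woody-security-hppa:" line, which other entries in this commit carry. Add it, as N/A if jmm's note that woody is not affected applies to it too. dannf's note also says the upstream fixed versions come from the securityfocus page rather than from a located patch, so it would help to mark them as unverified on the upstream line.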

Copied: patch-tracking/retired/CVE-2004-0136 (from rev 520, patch-tracking/CVE-2004-0136)
===================================================================
--- patch-tracking/CVE-2004-0136	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0136	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,46 @@
+Candidate: CVE-2004-0136
+References: 
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ SGI:20040601-01-P
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
+ XF:irix-mapelf32exec-dos(16416)
+ URL:http://xforce.iss.net/xforce/xfdb/16416
+ BID:10547
+ URL:http://www.securityfocus.com/bid/10547
+Description: 
+ The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local
+ users to cause a denial of service (system crash) via a "corrupted binary."
+Notes: 
+ Strange description, but I think this is actually a Linux issue; note the
+ RedHat URLs above.
+ dannf> I think I've traced this issue back to a flawed bug report, and that
+ dannf> this is really CAN-2004-0138.
+  + mitre references a RedHat advisory for this, RHSA-2004:504-13
+  + RHSA-2004:504-13 does in fact reference CVE-2004-0136
+  + RedHat notes that their fixed src.rpm is kernel-2.4.18-e.52.src.rpm
+  + The changelog in the spec file in the above .src.rpm contains the following
+    entry:
+    * Tue Nov 16 2004 Jim Paradis <jparadis at redhat.com>
+    - Fixes for security holes in binfmt_elf loader (Dave Anderson,
+      Jim Paradis), bugs 127916, 134876
+  + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127916 references
+    CVE-2004-0136, but the patches it links to are the fixes for
+    CVE-2004-0138
+ jmm> Red Hat accidentally used CVE-2004-0138 for this in an advisory, pulling
+ jmm> over the entries from it
+ jmm> I've verified that the fix from
+ jmm> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4021346f79nBb-4X_usRikR3Iyb4Vg
+ jmm> is included in 2.6.8, thus marking 2.6.8 and linux-2.6 N/A
+Bugs: 
+upstream: released (2.4.25-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
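Review bot: The Notes trace the fix through RHSA-2004:504-13, but References lists only "REDHAT:RHSA-2004:549". Add the 504 advisory to References or correct the number in the Notes. The first note ("Strange description, but I think ...") also has no author tag, unlike the dannf> and jmm> lines around it.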

Copied: patch-tracking/retired/CVE-2004-0138 (from rev 520, patch-tracking/CVE-2004-0138)
===================================================================
--- patch-tracking/CVE-2004-0138	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0138	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2004-0138
+References: 
+Description: 
+Notes: 
+ Still marked **RESERVED**
+ dannf> However, it was already fixed in woody, whose changelog says:
+  * Applied patch by Chris Wright to denial of service in the ELF loader
+    when the interpreter architecture doesn't match the current one
+    <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
+    [fs/binfmt_elf.c, CAN-2004-0138]
+ jmm> This was a previous Red Hat internal name for CVE-2004-0136, so
+ jmm> Red hat advisories, which fix this are in fact for CVE-2004-0136
+Bugs: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
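Review bot: The status block has no "upstream:" line, and every woody branch is N/A although dannf's note quotes a woody changelog entry that applied the fix under CAN-2004-0138. If the woody releases are recorded under CVE-2004-0136 instead, say so in Notes so the N/A values are not read as "not affected".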

Copied: patch-tracking/retired/CVE-2004-0177 (from rev 520, patch-tracking/CVE-2004-0177)
===================================================================
--- patch-tracking/CVE-2004-0177	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0177	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-0177
+References: 
+Description: 
+Notes: 
+ jmm> This is resolved by the following patch by tytso:
+ jmm>--- kernel-source-2.4.18-2.4.18.orig/fs/jbd/journal.c
+ jmm>+++ kernel-source-2.4.18-2.4.18/fs/jbd/journal.c
+ jmm>@@ -671,6 +671,7 @@
+ jmm>
+ jmm>        bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ jmm>        lock_buffer(bh);
+ jmm>+       memset(bh->b_data, 0, journal->j_blocksize);
+ jmm>        BUFFER_TRACE(bh, "return this buffer");
+ jmm>        return journal_add_journal_head(bh);
+ jmm> }
+ jmm> This fix is present in 2.4.27 and 2.6.8, so marking them and l-2.6 N/A
+Bugs: 
+upstream: released (2.4.26-pre4)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)
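Review bot: References and Description are empty, so the quoted fs/jbd/journal.c patch in Notes is the only record of what this issue is. Add a short Description and a reference for where the tytso patch came from, as the other entries do with their changeset URLs.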

Copied: patch-tracking/retired/CVE-2004-0178 (from rev 520, patch-tracking/CVE-2004-0178)
===================================================================
--- patch-tracking/CVE-2004-0178	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0178	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,40 @@
+Candidate: CVE-2004-0178
+References: 
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ http://www.debian.org/security/2004/dsa-479
+ http://www.debian.org/security/2004/dsa-480
+ http://www.debian.org/security/2004/dsa-481
+ http://www.debian.org/security/2004/dsa-482
+ http://www.debian.org/security/2004/dsa-489
+ http://www.debian.org/security/2004/dsa-491
+ http://www.debian.org/security/2004/dsa-495
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ http://www.redhat.com/support/errata/RHSA-2004-413.html
+ http://www.redhat.com/support/errata/RHSA-2004-437.html
+ ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
+ http://www.ciac.org/ciac/bulletins/o-121.shtml
+ http://www.ciac.org/ciac/bulletins/o-127.shtml
+ http://www.ciac.org/ciac/bulletins/o-193.shtml
+ http://www.securityfocus.com/bid/9985
+ http://xforce.iss.net/xforce/xfdb/15868
+Description: 
+ The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x
+ before 2.4.26, when operating in 16 bit mode, does not properly
+ handle certain sample sizes, which allows local users to cause a
+ denial of service (crash) via a sample with an odd number of bytes.
+Notes: 
+ jmm> I've verified that above patch is included in 2.6.8
+Bugs: 
+upstream: released (2.4.26-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody2)
+2.4.18-woody-security: released (2.4.18-14.3)
+2.4.17-woody-security: released (2.4.17-1woody3)
+2.4.16-woody-security: released (2.4.16-1woody2)
+2.4.17-woody-security-hppa: released (32.4, 62.3)
+2.4.17-woody-security-ia64: released (011226.17)
+2.4.18-woody-security-hppa: released (62.3)

Copied: patch-tracking/retired/CVE-2004-0181 (from rev 520, patch-tracking/CVE-2004-0181)
===================================================================
--- patch-tracking/CVE-2004-0181	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0181	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0181
+References: 
+ http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
+ http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ http://www.securityfocus.com/bid/10143
+ http://xforce.iss.net/xforce/xfdb/15902
+Description: 
+ The JFS file system code in Linux 2.4.x has an information leak in which
+ in-memory data is written to the device for the JFS file system, which allows
+ local users to obtain sensitive information by reading the raw device.
+Notes: 
+ jmm> JFS was merged into the 2.4 kernel in 2.4.20-pre4 and into 2.6 at 2.6.5-rc2,
+ jmm> so I'm marking all versions N/A
+Bugs: 
+upstream: released (2.4.26-pre5), released (2.6.5-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
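Review bot: jmm's reason for "marking all versions N/A" only covers the woody kernels, which predate the 2.4.20-pre4 JFS merge. "2.4.27-sarge-security: N/A" needs its own justification, presumably that 2.4.27 is later than the upstream fix in 2.4.26-pre5; state it in Notes. The "2.4.18-woody-security-hppa:" line is also missing from the status block.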

Copied: patch-tracking/retired/CVE-2004-0228 (from rev 520, patch-tracking/CVE-2004-0228)
===================================================================
--- patch-tracking/CVE-2004-0228	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0228	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-0228
+References: 
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
+ http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ http://secunia.com/advisories/11429
+ http://secunia.com/advisories/11464
+ http://secunia.com/advisories/11486
+ http://secunia.com/advisories/11491
+ http://secunia.com/advisories/11683
+ http://xforce.iss.net/xforce/xfdb/15951
+Description: 
+ Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in 
+ Linux kernel 2.6 allows local users to gain privileges.
+Notes: 
+ jmm> 2.4 does not have cpufreq
+ jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c
+ jmm> I've verified that the isolated patch from 
+ jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch
+ jmm> is included in 2.6.8
+Bugs: 
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A 
+2.4.17-woody-security-ia64: N/A
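Review bot: "upstream:" is left blank even though jmm verified that the isolated patch is included in 2.6.8. Record the upstream fixed version, or note that it was not determined, so the retired entry does not look unfinished.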

Copied: patch-tracking/retired/CVE-2004-0229 (from rev 520, patch-tracking/CVE-2004-0229)
===================================================================
--- patch-tracking/CVE-2004-0229	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0229	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,16 @@
+Candidate: CVE-2004-0229
+References: 
+Description: 
+Notes: 
+ jmm> 2.4 is not affected by this problem.
+Bugs: 
+upstream: released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
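Review bot: The only note is "2.4 is not affected by this problem", and with References and Description both empty nothing in the record says what the problem is. Add a description or at least one reference before retiring.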

Copied: patch-tracking/retired/CVE-2004-0394 (from rev 520, patch-tracking/CVE-2004-0394)
===================================================================
--- patch-tracking/CVE-2004-0394	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0394	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,39 @@
+Candidate: CVE-2004-0394
+References: 
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ MLIST:[fedora-announce] 20040422 Fedora alert FEDORA-2004-111 (kernel)
+ URL:http://lwn.net/Articles/81773/
+ ENGARDE:ESA-20040428-004
+ URL:http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ XF:linux-panic-bo(15953)
+ URL:http://xforce.iss.net/xforce/xfdb/15953
+Description: 
+ A "potential" buffer overflow exists in the panic() function in Linux 2.4.x,
+ although it may not be exploitable due to the functionality of panic.
+Notes: 
+ jmm> I've verified 2.6.8 to contain the correct vsnprintf() call
+ jmm> For 2.4 it's fixed in 2.4.32, but unfixed in 2.4.27. I'm marking it
+ jmm> needed, although I guess it's not exploitable
+Bugs: 
+upstream: released (2.4.28-pre1)
+linux-2.6: N/A 
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
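Review bot: jmm's note and the status lines disagree. The note says 2.4 is "fixed in 2.4.32, but unfixed in 2.4.27" and that it is being marked needed, while the record has "upstream: released (2.4.28-pre1)" and "2.4.27-sarge-security: released (2.4.27-1)". Update the note to reflect the release and reconcile 2.4.32 with 2.4.28-pre1.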

Copied: patch-tracking/retired/CVE-2004-0415 (from rev 520, patch-tracking/CVE-2004-0415)
===================================================================
--- patch-tracking/CVE-2004-0415	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0415	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,42 @@
+Candidate: CVE-2004-0415
+References: 
+ CONECTIVA:CLA-2004:879
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2004:087
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ XF:linux-pointer-info-disclosure(16877)
+ URL:http://xforce.iss.net/xforce/xfdb/16877
+Description: 
+ Linux kernel does not properly convert 64-bit file offset pointers to 32 bits,
+ which allows local users to access portions of kernel memory.
+Notes: 
+ dannf> Based on the 2.4.27 changelog, I think this is the 2.4 fix:
+  http://linux.bkbits.net:8080/linux-2.4/cset@411064f7uz3rKDb73dEb4vCqbjEIdw?nav=index.html|src/|src/drivers|src/drivers/char|related/drivers/char/i8k.c
+    and
+  http://linux.bkbits.net:8080/linux-2.4/cset@41113629fBqsXgKVAey-EzhZOkS2Lw?nav=index.html|src/|src/net|src/net/atm|related/net/atm/br2684.c
+ Which doesn't look like it ever made 2.6.
+ .
+ dannf> I've asked Al Viro & Marcelo for more info
+ dannf> Marcelo says:
+   2.6 avoids the file offset race by having a copy of it at the high
+   level VFS functions, its safe.
+Bugs: 
+upstream: released (2.4.27-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
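Review bot: All seven woody status lines are blank, so the entry moves to retired/ without recording whether woody was affected. Marcelo's explanation covers 2.6 only. Set each woody line to a definite value or add a note explaining why they were left undetermined.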

Copied: patch-tracking/retired/CVE-2004-0427 (from rev 520, patch-tracking/CVE-2004-0427)
===================================================================
--- patch-tracking/CVE-2004-0427	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0427	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,70 @@
+Candidate: CVE-2004-0427
+References: 
+ MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ ENGARDE:ESA-20040428-004
+ FEDORA:FEDORA-2004-111
+ URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ REDHAT:RHSA-2004:327
+ URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ TURBO:TLSA-2004-14
+ URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
+ CIAC:O-164
+ URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
+ BID:10221
+ URL:http://www.securityfocus.com/bid/10221
+ SECUNIA:11429
+ URL:http://secunia.com/advisories/11429
+ SECUNIA:11464
+ URL:http://secunia.com/advisories/11464
+ SECUNIA:11486
+ URL:http://secunia.com/advisories/11486
+ SECUNIA:11541
+ URL:http://secunia.com/advisories/11541
+ SECUNIA:11861
+ URL:http://secunia.com/advisories/11861
+ SECUNIA:11891
+ URL:http://secunia.com/advisories/11891
+ SECUNIA:11892
+ URL:http://secunia.com/advisories/11892
+ OVAL:OVAL2819
+ URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
+ XF:linux-dofork-memory-leak(16002)
+ URL:http://xforce.iss.net/xforce/xfdb/16002 
+Description: 
+ The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
+ does not properly decrement the mm_count counter when an error occurs after
+ the mm_struct for a child process has been activated, which triggers a memory
+ leak that allows local users to cause a denial of service (memory exhaustion)
+ via the clone (CLONE_VM) system call.
+Notes: 
+Bugs: 
+upstream: released (2.4.26, 2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-0447 (from rev 520, patch-tracking/CVE-2004-0447)
===================================================================
--- patch-tracking/CVE-2004-0447	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0447	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,37 @@
+Candidate: CVE-2004-0447
+References: 
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ GENTOO:GLSA-200407-16
+ URL:http://security.gentoo.org/glsa/glsa-200407-16.xml
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ CIAC:O-193
+ URL:http://www.ciac.org/ciac/bulletins/o-193.shtml
+ BID:10783
+ URL:http://www.securityfocus.com/bid/10783
+ XF:linux-ia64-dos(16661)
+ URL:http://xforce.iss.net/xforce/xfdb/16661
+Description: 
+ Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to
+ cause a denial of service, with unknown impact. NOTE: due to a typo, this
+ issue was accidentally assigned CVE-2004-0477. This is the proper candidate to
+ use for the Linux local DoS.
+Notes: 
+ jmm> I've verified that the patch from David Mosberger available at
+ jmm> http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2
+ jmm> is included in stock 2.4.27 and 2.6.8, so it's N/A.
+Bugs: 
+upstream: 
+linux-2.6: N/A 
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
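Review bot: "upstream:" is blank although the Description bounds the issue to Linux before 2.4.26 and jmm confirms the Mosberger patch is in stock 2.4.27 and 2.6.8. Fill in the upstream fixed version from the patch's merge point, or note that it was not pinned down.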

Copied: patch-tracking/retired/CVE-2004-0491 (from rev 520, patch-tracking/CVE-2004-0491)
===================================================================
--- patch-tracking/CVE-2004-0491	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0491	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0491
+References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
+ MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2
+ OVAL:OVAL1117
+ URL:http://oval.mitre.org/oval/definitions/data/oval1117.html
+Description: 
+ The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly
+ maintain the mlock page count when one process unlocks pages that belong to
+ another process, which allows local users to mlock more memory than specified
+ by the rlimit.
+Notes: 
+ dannf> It doesn't look like the code in linux-2.4.21-mlock.patch was ever
+ dannf> accepted upstream in 2.4 or 2.6, so it doesn't apply to us.
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2004-0495 (from rev 520, patch-tracking/CVE-2004-0495)
===================================================================
--- patch-tracking/CVE-2004-0495	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0495	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,48 @@
+Candidate: CVE-2004-0495
+References: 
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ OVAL:OVAL2961
+ URL:http://oval.mitre.org/oval/definitions/data/oval2961.html
+ XF:linux-drivers-gain-privileges(16449)
+ URL:http://xforce.iss.net/xforce/xfdb/16449
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
+Description: 
+ Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users
+ to gain privileges or access kernel memory, as found by the Sparse source code
+ checking tool.
+Notes: 
+ dannf> 2.4 patches:
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d972a19cY-Al1qQickpmg8z_gxmg?nav=index.html|src/|src/net|src/net/decnet|related/net/decnet/dn_dev.c
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d97303iUWCFF5wizAKNT5CC5ctJg?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/mpu401.c
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d973835aLERLaEv4dP6Hjw31Nn5A?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/msnd.h
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d973d9FCCgP1ZDVGknBTDKgDXw6w?nav=index.html|src/|src/drivers|src/drivers/sound|related/drivers/sound/pss.c
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d9743al24lCKKm8wbRs-S_2CgWTA?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wireless|related/drivers/net/wireless/airo.c
+   http://linux.bkbits.net:8080/linux-2.4/cset@40d975a2Ttlhd2amhkcgbfzndDMUZA?nav=index.html|src/|src/drivers|src/drivers/acpi|related/drivers/acpi/asus_acpi.c
+Bugs: 
+upstream: released (2.4.27-rc2, 2.6.7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
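Review bot: The woody status lines are blank while Notes list six 2.4 changesets (dn_dev.c, mpu401.c, msnd.h, pss.c, airo.c, asus_acpi.c). Record per branch whether those were applied or were not needed before retiring. Notes give no 2.6 changesets although upstream is recorded as fixed in 2.6.7; a pointer for that side would make the N/A on 2.6.8 checkable.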

Copied: patch-tracking/retired/CVE-2004-0496 (from rev 520, patch-tracking/CVE-2004-0496)
===================================================================
--- patch-tracking/CVE-2004-0496	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0496	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,26 @@
+Candidate: CVE-2004-0496
+References: 
+ http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ http://xforce.iss.net/xforce/xfdb/16625
+Description: 
+ Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain
+ privileges or access kernel memory, a different set of vulnerabilities than
+ those identified in CVE-2004-0495, as found by the Sparse source code checking
+ tool. 
+Notes: 
+ dannf> I wasn't able to find the patches for this, but the description and
+ dannf> vendor advisories only note 2.6, so I'm assuming these are 2.6-only.
+ dannf> The description says this affects < 2.6.7.  2.6.7 contains a bunch
+ dannf> of sparse fixes in the changelog, so I'll label upstream 
+ dannf> as fixed in 2.6.7.
+Bugs: 
+upstream: released (2.6.7)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
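Review bot: dannf's note says "The description says this affects < 2.6.7", but the Description in this file only says "Linux kernel 2.6" with no version bound. Name the source that gives the bound so "upstream: released (2.6.7)" can be checked. The "2.4.18-woody-security-hppa:" line is also missing from the status block.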

Copied: patch-tracking/retired/CVE-2004-0497 (from rev 520, patch-tracking/CVE-2004-0497)
===================================================================
--- patch-tracking/CVE-2004-0497	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0497	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-0497
+References: 
+ CONECTIVA:CLA-2004:852
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:354
+ URL:http://www.redhat.com/support/errata/RHSA-2004-354.html
+ REDHAT:RHSA-2004:360
+ URL:http://www.redhat.com/support/errata/RHSA-2004-360.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-fchown-groupid-modify(16599)
+ URL:http://xforce.iss.net/xforce/xfdb/16599
+Description: 
+ Unknown vulnerability in Linux kernel 2.x may allow local users to modify the
+ group ID of files, such as NFS exported files in kernel 2.4.
+Notes: 
+ Changelog shows fixed in 2.4.26-3
+ 2.6 patch:
+   http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ?nav=index.html|src/|src/fs|related/fs/attr.c
+Bugs: 
+upstream: released (2.4.27, 2.6.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
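Review bot: "Changelog shows fixed in 2.4.26-3" does not say which changelog it refers to and does not match "2.4.27-sarge-security: released (2.4.27-1)". Clarify which package that version belongs to. The woody lines are blank even though the Description calls out NFS exported files in kernel 2.4; give them a definite status.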

Copied: patch-tracking/retired/CVE-2004-0535 (from rev 520, patch-tracking/CVE-2004-0535)
===================================================================
--- patch-tracking/CVE-2004-0535	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0535	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,44 @@
+Candidate: CVE-2004-0535
+References: 
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-e1000-bo(16159)
+ URL:http://xforce.iss.net/xforce/xfdb/16159
+ BID:10352
+ URL:http://www.securityfocus.com/bid/10352
+Description: 
+ The e1000 driver for Linux kernel 2.4.26 and earlier does not properly
+ initialize memory before using it, which allows local users to read portions
+ of kernel memory. NOTE: this issue was originally incorrectly reported as a
+ "buffer overflow" by some sources.
+Notes: 
+ Patch:
+   http://linux.bkbits.net:8080/linux-2.6/cset@4084025a6AP3ORKQ7iaTFCmOGvTJXw?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/e1000|related/drivers/net/e1000/e1000_ethtool.c
+Bugs: 
+upstream: released (2.4.27, 2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: N/A
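Review bot: `2.4.17-woody-security-ia64: needed` is still an open status, so this entry does not look ready to move to retired/. Either resolve that tree or state in Notes why an open status is acceptable for a retired issue. The Description covers 2.4.26 and earlier, so a one-line note explaining why the other woody 2.4 trees are N/A would also make the block self-explanatory.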

Copied: patch-tracking/retired/CVE-2004-0554 (from rev 520, patch-tracking/CVE-2004-0554)
===================================================================
--- patch-tracking/CVE-2004-0554	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0554	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,54 @@
+Candidate: CVE-2004-0554
+References: 
+ MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
+ MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
+ MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ ENGARDE:ESA-20040621-005
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SuSE-SA:2004:017
+ URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html
+ TRUSTIX:2004-0034
+ URL:http://www.trustix.net/errata/2004/0034/
+ BUGTRAQ:20040620 TSSA-2004-011 - kernel
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2
+ CERT-VN:VU#973654
+ URL:http://www.kb.cert.org/vuls/id/973654
+ OVAL:OVAL2915
+ URL:http://oval.mitre.org/oval/definitions/data/oval2915.html
+ XF:linux-dos(16412)
+ URL:http://xforce.iss.net/xforce/xfdb/16412
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
+Description: 
+ Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of
+ service (system crash), possibly via an infinite loop that triggers a signal
+ handler with a certain sequence of fsave and frstor instructions, as
+ originally demonstrated using a "crash.c" program.
+Notes: 
+ jmm> I don't know at which version this was merged, but I've verified that
+ jmm> the stock 2.4.27 and 2.6.8 contain the fix
+Bugs: 261521
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
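Review bot: `upstream:` is left empty although the Notes record that stock 2.4.27 and 2.6.8 contain the fix. Record those as the versions known to carry the fix, with the caveat that the exact merge point is unknown, so the field does not read as unassessed.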

Copied: patch-tracking/retired/CVE-2004-0565 (from rev 520, patch-tracking/CVE-2004-0565)
===================================================================
--- patch-tracking/CVE-2004-0565	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0565	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-0565
+References: 
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066
+ XF:linux-ia64-info-disclosure(16644)
+ URL:http://xforce.iss.net/xforce/xfdb/16644
+Description: 
+ Floating point information leak in the context switch code for Linux 2.4.x
+ only checks the MFH bit but does not verify the FPH owner, which allows local
+ users to read register values of other processes by setting the MFH bit.
+Notes: 
+ jmm> I've verified that the check for FPH ownership is included in stock 2.6.8:
+ jmm> # define switch_to(prev,next,last) do {                                         \
+ jmm>         if (ia64_psr(ia64_task_regs(prev))->mfh && ia64_is_local_fpu_owner(prev)) {
+ jmm> So it's N/A, but I don't know at which time it was fixed upstream
+Bugs: 
+upstream: released (2.4.27)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
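Review bot: The hppa woody trees are marked released, yet the XF name (linux-ia64-info-disclosure) and the quoted switch_to macro point at an ia64 code path. If those trees never carried the affected code, N/A is the accurate status; if the version strings only reflect the upload that also closed the ia64 tree, say so in Notes.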

Copied: patch-tracking/retired/CVE-2004-0587 (from rev 520, patch-tracking/CVE-2004-0587)
===================================================================
--- patch-tracking/CVE-2004-0587	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0587	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,41 @@
+Candidate: CVE-2004-0587
+References: 
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ BID:10279
+ URL:http://www.securityfocus.com/bid/10279
+ SECTRACK:1010057
+ URL:http://securitytracker.com/id?1010057
+ XF:suse-hbaapinode-dos(16062)
+ URL:http://xforce.iss.net/xforce/xfdb/16062
+Description: 
+ Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
+ allows local users to cause a denial of service.
+Notes: 
+ 2.4.26-3 has the note:
+  CVE-2004-0587 code is not present, not vulnerable
+ So the question is, did the code get added when we moved to 2.4.27, and
+ was it still vulnerable?
+ dannf> Nope; qla2xxx isn't in 2.4.27
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: needed
+2.4.18-woody-security-hppa: N/A
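Review bot: `2.4.17-woody-security-ia64: needed` conflicts with retiring this entry. The Notes only settle that qla2xxx is absent from 2.4.27; confirm whether the 2.4.17 ia64 tree carries the qla2300 code and mark it N/A or released before the move. `upstream:` is also blank.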

Copied: patch-tracking/retired/CVE-2004-0596 (from rev 520, patch-tracking/CVE-2004-0596)
===================================================================
--- patch-tracking/CVE-2004-0596	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0596	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-0596
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg
+ XF:linux-eql-dos(16694)
+ URL:http://xforce.iss.net/xforce/xfdb/16694
+ BID:10730
+ URL:http://www.securityfocus.com/bid/10730
+Description: 
+ The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux
+ kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a
+ non-existent device name that triggers a null dereference.
+Notes: 
+Bugs: 
+upstream: released (2.4.27-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
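Review bot: `upstream: released (2.4.27-rc2)` lists only a 2.4 version, while the Description is about 2.6.x up to 2.6.7 and the CONFIRM link is a linux-2.6 changeset. Add the 2.6 release that carries the fix. All seven woody lines are blank, so the file is retired without a recorded assessment for those trees.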

Copied: patch-tracking/retired/CVE-2004-0619 (from rev 520, patch-tracking/CVE-2004-0619)
===================================================================
--- patch-tracking/CVE-2004-0619	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0619	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-0619
+References: 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2
+ http://www.redhat.com/support/errata/RHSA-2004-549.html
+ http://www.redhat.com/support/errata/RHSA-2005-283.html
+ http://www.ciac.org/ciac/bulletins/p-047.shtml
+ http://www.securityfocus.com/bid/10599
+ http://secunia.com/advisories/11936
+ http://xforce.iss.net/xforce/xfdb/16459
+Description: 
+ Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820
+ cryptonet driver allows local users to cause a denial of service (crash)
+ and possibly execute arbitrary code via a negative add_dsa_buf_bytes
+ variable, which leads to a buffer overflow.
+Notes: 
+ jmm> I've checked 2.6.8, 2.4.27 and 2.6.14, this is not included in the
+ jmm> stock kernel, only in Red Hat's. I'm marking Woody N/A as well.
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
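Review bot: The status block stops at `2.4.17-woody-security-ia64` and has no `2.4.18-woody-security-hppa` line, which the other entries in this commit carry. Add it, presumably as N/A given the jmm note that the driver exists only in Red Hat's kernel, so every tracked tree has a value. The References also omit the source-type prefixes (REDHAT:, BID:, XF:) used in the neighbouring files.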

Copied: patch-tracking/retired/CVE-2004-0626 (from rev 520, patch-tracking/CVE-2004-0626)
===================================================================
--- patch-tracking/CVE-2004-0626	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0626	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-0626
+References: 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ http://lwn.net/Articles/91964/
+ http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml
+ http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ http://xforce.iss.net/xforce/xfdb/16554
+Description: 
+ The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6,
+ when using iptables and TCP options rules, allows remote attackers to cause a
+ denial of service (CPU consumption by infinite loop) via a large option length
+ that produces a negative integer after a casting operation to the char type.
+Notes:
+ jmm> The bug was introduced during a rewrite of the code that accesses the skb's
+ jmm> during earlier 2.6 kernels. 2.4 has the correct u_int8_t declaration.
+Bugs: 
+upstream: released (2.6.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
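Review bot: The `2.4.18-woody-security-hppa` line is missing from the end of the status block. Per the jmm note that 2.4 has the correct u_int8_t declaration it should be N/A like the other woody trees. `Notes:` also lacks the trailing space the other field names carry, which matters if anything parses these files by exact field prefix.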

Copied: patch-tracking/retired/CVE-2004-0685 (from rev 520, patch-tracking/CVE-2004-0685)
===================================================================
--- patch-tracking/CVE-2004-0685	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0685	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-0685
+References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ TRUSTIX:2004-0041
+ URL:http://www.trustix.net/errata/2004/0041/
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
+ CERT-VN:VU#981134
+ URL:http://www.kb.cert.org/vuls/id/981134
+ BID:10892
+ URL:http://www.securityfocus.com/bid/10892
+ XF:linux-usb-gain-privileges(16931)
+ URL:http://xforce.iss.net/xforce/xfdb/16931
+ MISC:http://www.securityspace.com/smysecure/catid.html?id=14580
+Description: 
+ Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on
+ uninitialized structures, which could allow local users to obtain sensitive
+ information by reading memory that was not cleared from previous usage.
+Notes: 
+ jmm> This was commited into the 2.5/2.6 version before in this changeset:
+ jmm> http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
+ jmm> So I'm marking all 2.6 versions N/A 
+Bugs: 
+upstream: released (2.4.27)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-0790 (from rev 520, patch-tracking/CVE-2004-0790)
===================================================================
--- patch-tracking/CVE-2004-0790	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0790	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,44 @@
+Candidate: CVE-2004-0790
+References: 
+ MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
+ MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
+ MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
+ HP:HPSBTU01210
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4743
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4884
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ MS:MS05-019
+ URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
+ SUNALERT:57746
+ URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
+ OVAL:OVAL3458
+ URL:http://oval.mitre.org/oval/definitions/data/oval3458.html
+ OVAL:OVAL1910
+ URL:http://oval.mitre.org/oval/definitions/data/oval1910.html
+ OVAL:OVAL4804
+ URL:http://oval.mitre.org/oval/definitions/data/oval4804.html
+Description: 
+ Multiple TCP/IP and ICMP implementations allow remote attackers to cause a
+ denial of service (reset TCP connections) via spoofed ICMP error messages, aka
+ the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and
+ CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065,
+ CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that
+ are SPLIT based on the underlying vulnerability. While CVE normally SPLITs
+ based on vulnerability, the attack-based identifiers exist due to the variety
+ and number of affected implementations and solutions that address the attacks
+ instead of the underlying vulnerabilities.
+Notes: 
+Bugs: 305655 305664
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
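Review bot: `upstream:`, `linux-2.6:` and all seven woody lines are blank, so only the two sarge trees have a recorded outcome when this file moves to retired/. Record the upstream fix version, or mark the remaining trees explicitly, so the retirement is justified by the file itself.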

Copied: patch-tracking/retired/CVE-2004-0812 (from rev 520, patch-tracking/CVE-2004-0812)
===================================================================
--- patch-tracking/CVE-2004-0812	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0812	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-0812
+References: 
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ
+ CIAC:P-047
+ URL:http://www.ciac.org/ciac/bulletins/p-047.shtml
+ BID:11794
+ URL:http://www.securityfocus.com/bid/11794
+ SECUNIA:13359
+ URL:http://secunia.com/advisories/13359
+ XF:linux-tss-gain-privilege(18346)
+ URL:http://xforce.iss.net/xforce/xfdb/18346
+Description: 
+ Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and
+ Intel EM64T architectures, associated with "setting up TSS limits," allows
+ local users to cause a denial of service (crash) and possibly execute
+ arbitrary code.
+Notes: 
+ jmm> I've verified that above bkbits fixed is included in 2.6.8, so I'm
+ jmm> marking 2.6 N/A
+ jmm> The vulnerable code doesn't seem to be present in 2.4.27. Plus, 2.4
+ jmm> is unsupported for amd64 anyway, so I'm marking it N/A as well for
+ jmm> the 2.4 kernels
+Bugs: 
+upstream: released (2.6.0-test10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2004-0814 (from rev 520, patch-tracking/CVE-2004-0814)
===================================================================
--- patch-tracking/CVE-2004-0814	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0814	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,38 @@
+Candidate: CVE-2004-0814
+References: 
+ BUGTRAQ:20041020 CVE-2004-0814: Linux terminal layer races
+ URL:http://www.securityfocus.com/archive/1/379005
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ BID:11491
+ URL:http://www.securityfocus.com/bid/11491
+ BID:11492
+ URL:http://www.securityfocus.com/bid/11492
+ XF:linux-tiocsetd-race-condition(17816)
+ URL:http://xforce.iss.net/xforce/xfdb/17816
+Description: 
+ Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x
+ before 2.6.9, allow (1) local users to obtain portions of kernel data via a
+ TIOCSETD ioctl call to a terminal interface that is being accessed by another
+ thread, or (2) remote attackers to cause a denial of service (panic) by
+ switching from console to PPP line discipline, then quickly sending data that
+ is received during the switch.
+Notes: 
+Bugs: 
+upstream: released (2.6.9)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
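Review bot: The `2.4.27-sarge-security` patch list names both `115_tty_lockup-3.diff` and `093-tty_lockup-3.diff`; the second uses a hyphen after the number where every other name uses an underscore, and it repeats the -3 suffix. Check both against the patch directory and correct or drop whichever is wrong. The Description covers 2.4.x, but the woody trees are left blank.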

Copied: patch-tracking/retired/CVE-2004-0816 (from rev 520, patch-tracking/CVE-2004-0816)
===================================================================
--- patch-tracking/CVE-2004-0816	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0816	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,35 @@
+Candidate: CVE-2004-0816
+References: 
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ SUSE:SUSE-SA:2004:037
+ URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html
+ BID:11488
+ URL:http://www.securityfocus.com/bid/11488
+ SECUNIA:11202
+ URL:http://secunia.com/advisories/11202/
+ XF:linux-ip-packet-dos(17800)
+ URL:http://xforce.iss.net/xforce/xfdb/17800
+Description: 
+ Integer underflow in the firewall logging rules for iptables in Linux before
+ 2.6.8 allows remote attackers to cause a denial of service (application crash)
+ via a malformed IP packet.
+Notes:
+ jmm> Quoting from http://groups.google.com/group/nz.comp/msg/71ec927b491f247d: 
+ jmm>   The bug, discovered by Richard Hart, does not affect the 2.4 series kernel
+ jmm> Quoting from http://www.novell.com/linux/security/advisories/2004_37_kernel.html:
+ jmm>   This problem has already been fixed in the 2.6.8 upstream Linux kernel,
+ jmm>   this update contains a backport of the fix.
+ jmm> So I'm marking all kernels N/A
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
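Review bot: `upstream:` is empty although the quoted SUSE advisory in Notes states the problem was fixed in the 2.6.8 upstream kernel. Put that version in the field so the N/A on `2.6.8-sarge-security` is backed by the status block and not only by the quotation.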

Copied: patch-tracking/retired/CVE-2004-0883 (from rev 520, patch-tracking/CVE-2004-0883)
===================================================================
--- patch-tracking/CVE-2004-0883	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0883	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,48 @@
+Candidate: CVE-2004-0883
+References: 
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ CERT-VN:VU#726198
+ URL:http://www.kb.cert.org/vuls/id/726198
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ XF:linux-smbprocreadxdata-dos(18135)
+ URL:http://xforce.iss.net/xforce/xfdb/18135
+ XF:linux-smb-response-dos(18134)
+ URL:http://xforce.iss.net/xforce/xfdb/18134
+ XF:linux-smbreceivetrans2-dos(18136)
+ URL:http://xforce.iss.net/xforce/xfdb/18136
+Description: 
+ Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4
+ and 2.6 allow remote samba servers to cause a denial of service (crash) or
+ gain sensitive information from kernel memory via a samba server (1) returning
+ more data than requested to the smb_proc_read function, (2) returning a data
+ offset from outside the samba packet to the smb_proc_readX function, (3)
+ sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function,
+ (4) sending a samba packet with a certain header size to the
+ smb_proc_readX_data function, or (5) sending a certain packet based offset for
+ the data in a packet to the smb_receive_trans2 function.
+Notes: 
+Bugs: 
+upstream: released (2.4.28-rc3), released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-9) [smbfs-overflow-fixes-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-0887 (from rev 520, patch-tracking/CVE-2004-0887)
===================================================================
--- patch-tracking/CVE-2004-0887	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0887	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2004-0887
+References: 
+ http://www.novell.com/linux/security/advisories/2004_37_kernel.html
+ http://www.securityfocus.com/bid/11489
+ http://xforce.iss.net/xforce/xfdb/17801
+Description: 
+ SUSE Linux Enterprise Server 9 on the S/390 platform does not properly
+ handle a certain privileged instruction, which allows local users to
+ gain root privileges.
+Notes: 
+ dannf> 2.4 looks vulnerable; I've asked waldi's advice on applying it.
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-10) [s390-sacf-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [206_s390-sacf-fix.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
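Review bot: The only note, "2.4 looks vulnerable; I've asked waldi's advice on applying it", reads as an open question, while `2.4.27-sarge-security` already shows released (2.4.27-10sarge2). Add a closing note with the outcome before retiring. `upstream:`, `linux-2.6:` and the woody trees are blank.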

Copied: patch-tracking/retired/CVE-2004-0949 (from rev 520, patch-tracking/CVE-2004-0949)
===================================================================
--- patch-tracking/CVE-2004-0949	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-0949	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,40 @@
+Candidate: CVE-2004-0949
+References: 
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ TRUSTIX:2004-0061
+ URL:http://www.trustix.org/errata/2004/0061/
+ UBUNTU:USN-30-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ XF:linux-smbrecvtrans2-memory-leak(18137)
+ URL:http://xforce.iss.net/xforce/xfdb/18137
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
+Description: 
+ The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux
+ kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented
+ packets correctly, which could allow remote samba servers to (1) read
+ arbitrary kernel information or (2) raise a counter value to an arbitrary
+ number by sending the first part of the fragmented packet multiple times.
+Notes: 
+Bugs: 
+upstream: released (2.4.28-rc3), released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-13) [smbfs-overrun.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [111-smb-client-overflow-fix-1.diff, 111-smb-client-overflow-fix-2.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1016 (from rev 520, patch-tracking/CVE-2004-1016)
===================================================================
--- patch-tracking/CVE-2004-1016	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1016	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2004-1016
+References: 
+ VULNWATCH:20041214 Linux kernel scm_send local DoS
+ MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-scmsend-dos(18483)
+ URL:http://xforce.iss.net/xforce/xfdb/18483
+Description: 
+ The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28,
+ and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system
+ hang) via crafted auxiliary messages that are passed to the sendmsg function,
+ which causes a deadlock condition.
+Notes: 
+ dannf> 2.4.27 has a reference to CVE-2004-1016 in the changelog, but it looks
+        like it referred to the wrong issue - our 2.4.27 may still be
+        vulnerable.
+ dannf> on second review, those patches look correct
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1017 (from rev 520, patch-tracking/CVE-2004-1017)
===================================================================
--- patch-tracking/CVE-2004-1017	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1017	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVS-2004-1017
+References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-ioedgeport-bo(18433)
+ URL:http://xforce.iss.net/xforce/xfdb/18433
+Description: 
+ Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have
+ unknown impact and unknown attack vectors.
+Notes: 
+ jmm> I've checked 2.6.14, but I didn't find the exact upstream version when
+ jmm> this was fixed
+ jmm> The fix is required for 2.6.8
+Bugs: 
+upstream: 
+linux-2.6: released (2.4.31-rc1, 2.6.10)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [io_edgeport_overflow.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
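Review bot: The first line reads `Candidate: CVS-2004-1017`; it should be CVE-2004-1017 to match the file name, otherwise a search on the Candidate field misses this entry. The versions in `linux-2.6: released (2.4.31-rc1, 2.6.10)` look like upstream releases and belong in `upstream:`, which is blank; they also sit oddly beside the jmm note that the exact upstream fix version was not found.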

Copied: patch-tracking/retired/CVE-2004-1056 (from rev 520, patch-tracking/CVE-2004-1056)
===================================================================
--- patch-tracking/CVE-2004-1056	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1056	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1056
+References: 
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ XF:linux-i810-dma-dos(15972)
+ URL:http://xforce.iss.net/xforce/xfdb/15972
+Description: 
+ Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly
+ check the DMA lock, which could allow remote attackers or local users to cause
+ a denial of service (X Server crash) and possibly modify the video output.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2004-1057 (from rev 520, patch-tracking/CVE-2004-1057)
===================================================================
--- patch-tracking/CVE-2004-1057	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1057	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1057
+References: 
+ MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
+ REDHAT:RHSA-2005:016
+ URL:http://www.redhat.com/support/errata/RHSA-2005-016.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821
+ XF:linux-kernel-vmio-dos(19275)
+ URL:http://xforce.iss.net/xforce/xfdb/19275
+Description: 
+ Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark
+ memory with the VM_IO flag, which causes incorrect reference counts and may
+ lead to a denial of service (kernel panic) when accessing freed kernel pages.
+Notes: 
+ dannf> I see the PageReserved() check in the 2.6 code, going back to 2.4.0
+ dannf> so I'll mark 2.6 N/A
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
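
Review bot: The woody status fields at the end of this entry are all blank, yet the Description names 2.4.19 and earlier as the affected range, so the retired file never records whether the woody kernels were fixed, ignored or unaffected. Fill those fields in, or add a Notes line saying why they stay open, before the entry is retired. The dannf note also justifies N/A for 2.6 with a check "going back to 2.4.0"; if 2.6.0 was meant, correct it, otherwise explain how that fits with the 2.4.27 fix in 165_VM_IO.diff.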

Copied: patch-tracking/retired/CVE-2004-1058 (from rev 520, patch-tracking/CVE-2004-1058)
===================================================================
--- patch-tracking/CVE-2004-1058	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1058	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1058
+References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ UBUNTU:USN-38-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
+ XF:linux-spawning-race-condition(17151)
+ URL:http://xforce.iss.net/xforce/xfdb/17151
+Description: 
+ Race condition in Linux kernel 2.6 allows local users to read the environment
+ variables of another process that is still spawning via /proc/.../cmdline.
+Notes: 
+Bugs: 
+upstream: released (2.4.33-pre2)
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [203_proc_pid_cmdline_race.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
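
Review bot: The status lines do not line up with the Description: the Description names kernel 2.6, but "upstream:" records only a 2.4 release (2.4.33-pre2) and "linux-2.6:" is blank. Record the upstream 2.6 version that carries the fix, or set "linux-2.6:" explicitly, so the retired entry shows why 2.6 is considered closed. The woody fields are empty as well and should get a state.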

Copied: patch-tracking/retired/CVE-2004-1068 (from rev 520, patch-tracking/CVE-2004-1068)
===================================================================
--- patch-tracking/CVE-2004-1068	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1068	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2004-1068
+References: 
+ BUGTRAQ:20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities
+ URL:http://www.securityfocus.com/archive/1/381689
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ BID:11715
+ URL:http://www.securityfocus.com/bid/11715
+ XF:linux-afunix-race-condition(18230)
+ URL:http://xforce.iss.net/xforce/xfdb/18230
+Description: 
+ A "missing serialization" error in the unix_dgram_recvmsg function in Linux
+ 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain
+ privileges via a race condition.
+Notes: 
+Bugs: 
+upstream: released (2.4.27, 2.6.9)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11)
+2.4.27-sarge-security: released (2.4.27-7)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1069 (from rev 520, patch-tracking/CVE-2004-1069)
===================================================================
--- patch-tracking/CVE-2004-1069	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1069	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-1069
+References: 
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=110045613004761
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ http://xforce.iss.net/xforce/xfdb/18312
+Description: 
+ Race condition in SELinux 2.6.x through 2.6.9 allows local users to
+ cause a denial of service (kernel crash) via SOCK_SEQPACKET unix
+ domain sockets, which are not properly handled in the sock_dgram_sendmsg
+ function.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-11)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
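
Review bot: The last field, "2.4.18-woody-security-hppa:", is left blank while every other 2.4 field in this entry is N/A; since the Description limits the issue to 2.6.x, this looks like an omission and should read N/A too. The References block also lists bare URLs without the source tags (MISC:, MANDRAKE:, BUGTRAQ:, XF: followed by URL:) that the neighbouring entries use, which makes the entry harder to grep by advisory source.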

Copied: patch-tracking/retired/CVE-2004-1070 (from rev 520, patch-tracking/CVE-2004-1070)
===================================================================
--- patch-tracking/CVE-2004-1070	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1070	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-1070
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description: 
+ The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux
+ kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check
+ return values from calls to the kernel_read function, which may allow local
+ users to modify sensitive memory in a setuid program and execute arbitrary
+ code.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1071 (from rev 520, patch-tracking/CVE-2004-1071)
===================================================================
--- patch-tracking/CVE-2004-1071	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1071	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2004-1071
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description: 
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap
+ function, which causes an incorrect mapped image and may allow local users to
+ execute arbitrary code.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1072 (from rev 520, patch-tracking/CVE-2004-1072)
===================================================================
--- patch-tracking/CVE-2004-1072	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1072	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2004-1072
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ REDHAT:RHSA-2005:275
+ URL:http://www.redhat.com/support/errata/RHSA-2005-275.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description: 
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL
+ terminated, which could cause strings longer than PATH_MAX to be used, leading
+ to buffer overflows that allow local users to cause a denial of service (hang)
+ and possibly execute arbitrary code.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1073 (from rev 520, patch-tracking/CVE-2004-1073)
===================================================================
--- patch-tracking/CVE-2004-1073	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1073	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1073
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
+Description: 
+ The open_exec function in the execve functionality (exec.c) in Linux kernel
+ 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read
+ non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1137 (from rev 520, patch-tracking/CVE-2004-1137)
===================================================================
--- patch-tracking/CVE-2004-1137	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1137	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,39 @@
+Candidate: CVE-2004-1137
+References: 
+ VULNWATCH:20041214 Linux kernel IGMP vulnerabilities
+ BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities
+ MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ XF:linux-igmpmarksources-dos(18482)
+ URL:http://xforce.iss.net/xforce/xfdb/18482
+ XF:linux-ipmcsource-code-execution(18481)
+ URL:http://xforce.iss.net/xforce/xfdb/18481
+Description: 
+ Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to
+ 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial
+ of service or execute arbitrary code via (1) the ip_mc_source function, which
+ decrements a counter to -1, or (2) the igmp_marksources function, which does
+ not properly validate IGMP message parameters and performs an out-of-bounds
+ read.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
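
Review bot: All woody fields are blank, although the Description gives the affected 2.4 range as 2.4.22 to 2.4.28, which lies above every woody kernel listed (2.4.16 to 2.4.19). If that range is the reason nothing was done for woody, mark those fields N/A and say so in Notes; a blank field in a retired entry reads as "never evaluated".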

Copied: patch-tracking/retired/CVE-2004-1144 (from rev 520, patch-tracking/CVE-2004-1144)
===================================================================
--- patch-tracking/CVE-2004-1144	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1144	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-1144
+References: 
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ SUSE:SUSE-SA:2004:046
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2
+ XF:linux-32bit-emulation-gain-privileges(18686)
+ URL:http://xforce.iss.net/xforce/xfdb/18686
+Description: 
+ Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64
+ systems allows local users to gain privileges.
+Notes: 
+ jmm> 2.6 is not affected, see the comment by Andi Kleen from the patch:
+ jmm> # The problem only occurs on 2.4 x86-64 kernels, 2.6 doesn't have this
+ jmm> # hole because some unrelated changes in 2.5 fixed it as a side effect.
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2004-1151 (from rev 520, patch-tracking/CVE-2004-1151)
===================================================================
--- patch-tracking/CVE-2004-1151	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1151	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1151
+References: 
+ MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
+ MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+Description: 
+ Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
+ sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local
+ attackers to modify kernel memory and gain privileges.
+Notes: 
+ <= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway.
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
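
Review bot: The Notes line "<= 2.4.27 doesn't look vulnerable, and we don't have 2.4/x86_64 anyway." carries no author prefix, unlike the "dannf>" and "jmm>" notes in the other entries. Since this line is the only justification for the N/A on every 2.4 field, attribute it so the assessment can be traced back to whoever made it.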

Copied: patch-tracking/retired/CVE-2004-1190 (from rev 520, patch-tracking/CVE-2004-1190)
===================================================================
--- patch-tracking/CVE-2004-1190	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1190	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2004-1190
+References: 
+ http://www.novell.com/linux/security/advisories/2004_42_kernel.html
+ http://xforce.iss.net/xforce/xfdb/18370
+Description:
+ SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
+ properly check commands sent to CD devices that have been opened read-only,
+ which could allow local users to conduct unauthorized write activities to
+ modify the firmware of associated SCSI devices.
+ .
+ dannf> skipping for 2.4/sarge3 - not sure if 2.4 is affected, but we should
+        revisit
+Notes: 
+Bugs: 300162
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
+2.4.27-sarge-security: ignored (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
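
Review bot: The "dannf> skipping for 2.4/sarge3 ... but we should revisit" comment sits inside the Description block (after the " ." line) instead of under "Notes:", which is empty. Move it to Notes, and resolve the open question before retiring: the entry is being retired with 2.4.27-sarge-security set to "ignored" while the note says 2.4 may be affected. The field list also stops at 2.4.17-woody-security-ia64 and lacks the "2.4.18-woody-security-hppa:" line that other entries carry.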

Copied: patch-tracking/retired/CVE-2004-1234 (from rev 520, patch-tracking/CVE-2004-1234)
===================================================================
--- patch-tracking/CVE-2004-1234	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1234	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,35 @@
+Candidate: CVE-2004-1234
+References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965
+ BID:12101
+ URL:http://www.securityfocus.com/bid/12101
+ XF:linux-loadelfbinary-dos(18687)
+ URL:http://xforce.iss.net/xforce/xfdb/18687
+Description: 
+ load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of
+ service (system crash) via an ELF binary in which the interpreter is NULL.
+Notes: 
+ jmm> I don't know at which version this was merged into 2.6, but I've verified
+ jmm> that above-mentioned fix is included in 2.6.8's binfmt_elf.c:
+ jmm>  out_free_dentry:
+ jmm>         allow_write_access(interpreter);
+ jmm>       if (interpreter)
+ jmm>            fput(interpreter);
+Bugs: 
+upstream: released (2.4.26-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
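
Review bot: The References block lists the same line twice, "CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ". Drop one copy, or, if the second was meant to point at a different changeset, replace it with the correct one.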

Copied: patch-tracking/retired/CVE-2004-1235 (from rev 520, patch-tracking/CVE-2004-1235)
===================================================================
--- patch-tracking/CVE-2004-1235	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1235	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,43 @@
+Candidate: CVE-2004-1235
+References: 
+ BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
+ MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FEDORA-2005-013
+ URL:http://www.securityfocus.com/advisories/7806
+ FEDORA:FEDORA-2005-014
+ URL:http://www.securityfocus.com/advisories/7805
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ CONFIRM:http://www.securityfocus.com/advisories/7804
+ BID:12190
+ URL:http://www.securityfocus.com/bid/12190
+ XF:linux-uselib-gain-privileges(18800)
+ URL:http://xforce.iss.net/xforce/xfdb/18800
+Description: 
+ Race condition in the (1) load_elf_library and (2) binfmt_aout function calls
+ for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows
+ local users to execute arbitrary code by manipulating the VMA descriptor.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
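
Review bot: The Description gives the affected 2.4 range as "2.4 through 2.429-rc2", which is not a valid kernel version string and looks like a dropped dot; check it against the CVE text and correct it. Both "upstream:" and "linux-2.6:" are blank even though the Description names an upper bound for each series, so the upstream fix versions should be recorded. A short Notes line tying the uselib race to the listed brk patches (028-do_brk_security_fixes.dpatch, 122_sec_brk-locked.diff) would also help anyone auditing this later.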

Copied: patch-tracking/retired/CVE-2004-1237 (from rev 520, patch-tracking/CVE-2004-1237)
===================================================================
--- patch-tracking/CVE-2004-1237	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1237	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1237
+References: 
+ http://www.redhat.com/support/errata/RHSA-2005-043.html
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132245
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141996
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142091
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142442
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143886
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144048
+Description: 
+ Unknown vulnerability in the system call filtering code in the audit
+ subsystem for Red Hat Enterprise Linux 3 allows local users to cause
+ a denial of service (system crash) via unknown vectors.
+Notes: 
+ jmm> What a remarkably concrete description :-)
+ jmm> I found the Bugzilla entries above and this seems RHEL specific.
+ jmm> I'm marking it at such, but please double-check someone
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
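
Review bot: The jmm note ends with a request that someone double-check the "RHEL specific" assessment, but the entry is being retired with every field N/A and no record that the check happened. Add a Notes line from whoever confirmed it, or leave the entry active until someone does. The field list also ends at 2.4.17-woody-security-ia64 and is missing the "2.4.18-woody-security-hppa:" line.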

Copied: patch-tracking/retired/CVE-2004-1333 (from rev 520, patch-tracking/CVE-2004-1333)
===================================================================
--- patch-tracking/CVE-2004-1333	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1333	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2004-1333
+References: 
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ UBUNTU:USN-47-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-vcresize-dos(18523)
+ URL:http://xforce.iss.net/xforce/xfdb/18523
+Description: 
+ Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6
+ before 2.6.10 allows local users to cause a denial of service (kernel crash)
+ via a short new screen value, which leads to a buffer overflow.
+Notes: 
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1334 (from rev 520, patch-tracking/CVE-2004-1334)
===================================================================
--- patch-tracking/CVE-2004-1334	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1334	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2004-1334
+References: 
+ http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
+ http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ http://www.securityfocus.com/bid/11956
+ http://xforce.iss.net/xforce/xfdb/18522
+Description: 
+ Integer overflow in the ip_options_get function in the Linux kernel before
+ 2.6.10 allows local users to cause a denial of service (kernel crash) via a
+ cmsg_len that contains a -1, which leads to a buffer overflow.
+Notes: 
+ dannf> This is a duplicate of CAN-2004-1016
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [116-cmsg-validation-checks.patch, 118-cmsg-validation-checks-compat.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
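
Review bot: The Notes line refers to the duplicate as "CAN-2004-1016" while the tracker files are named with the CVE- prefix; write it as CVE-2004-1016 so a search across patch-tracking finds both entries. It would also help to state in Notes that the patches listed here (scm_send-dos-fix*.dpatch, the cmsg-validation-checks patches) are the ones tracked under that entry, since the Description names ip_options_get and the patch names do not.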

Copied: patch-tracking/retired/CVE-2004-1335 (from rev 520, patch-tracking/CVE-2004-1335)
===================================================================
--- patch-tracking/CVE-2004-1335	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1335	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-1335
+References: 
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-ipoptionsget-memory-leak(18524)
+ URL:http://xforce.iss.net/xforce/xfdb/18524
+Description: 
+ Memory leak in the ip_options_get function in the Linux kernel before 2.6.10
+ allows local users to cause a denial of service (memory consumption) by
+ repeatedly calling the ip_cmsg_send function.
+Notes: 
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2004-1337 (from rev 520, patch-tracking/CVE-2004-1337)
===================================================================
--- patch-tracking/CVE-2004-1337	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-1337	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: 
+References: 
+ BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BID:12093
+ URL:http://www.securityfocus.com/bid/12093
+ XF:linux-security-module-gain-privileges(18673)
+ URL:http://xforce.iss.net/xforce/xfdb/18673
+Description: 
+ The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not
+ properly handle the credentials of a process that is launched before the
+ module is loaded, which allows local users to gain privileges.
+Notes: 
+ dannf> This code isn't in <= 2.4.27
+Bugs: 
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
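
Review bot: The "Candidate:" field on the first line of this entry is empty, although the file is patch-tracking/retired/CVE-2004-1337. Set it to CVE-2004-1337; any tooling or grep that keys on the Candidate field will otherwise miss this entry.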

Copied: patch-tracking/retired/CVE-2004-2013 (from rev 520, patch-tracking/CVE-2004-2013)
===================================================================
--- patch-tracking/CVE-2004-2013	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-2013	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2004-2013
+References: 
+ http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
+ http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html 
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2
+ http://www.securityfocus.com/bid/10326
+ http://xforce.iss.net/xforce/xfdb/16117
+Description: 
+ Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c
+ in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary
+ code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of
+ memory.
+Notes: 
+ jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
+ jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*,
+ jmm> Woody could be affected, though
+Bugs: 
+upstream: released (2.4.26)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
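
Review bot: The jmm note says "Woody could be affected, though", and the Description puts 2.4.25 and earlier in range, yet all woody fields are blank and the entry is being retired. Either record the outcome for the woody kernels (released, ignored with a reason, or N/A) or keep the entry active. The field list is also missing the "2.4.18-woody-security-hppa:" line, and the second References URL has trailing whitespace.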

Copied: patch-tracking/retired/CVE-2004-2302 (from rev 520, patch-tracking/CVE-2004-2302)
===================================================================
--- patch-tracking/CVE-2004-2302	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-2302	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2004-2302
+References: 
+ http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
+ http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+Description: 
+ Race condition in the sysfs_read_file and sysfs_write_file functions in Linux
+ kernel before 2.6.10 allows local users to read kernel memory and cause a
+ denial of service (crash) via large offsets in sysfs files.
+Notes: 
+ dannf> sysfs is only in 2.6, so marking 2.4 N/A
+Bugs: 322339
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-sysfs-read-write-race.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2004-2536 (from rev 520, patch-tracking/CVE-2004-2536)
===================================================================
--- patch-tracking/CVE-2004-2536	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-2536	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-2536
+References: 
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
+Description: 
+ The exit_thread function (process.c) in Linux kernel 2.6 through
+ 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a
+ process obtains IO access permissions from the ioperm function but
+ does not drop those permissions when it exits, which allows other
+ processes to access the per-TSS pointers, access restricted memory
+ locations, and possibly gain privileges.
+Notes: 
+ Horms> Tested against kernel-image-2.4.27-2-686 2.4.27-11 which does not
+ seem to exhibit the problem, although the code suggests it might.  I guess
+ its just a 2.6 problem. I marked 2.4.27 and the woody kernels N/A
+Bugs: 
+upstream: released (2.6.6)
+linux-2.6: N/A 
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
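Review bot: the N/A verdicts for 2.4.27 and the woody kernels rest on the Notes entry, which reports one runtime test of kernel-image-2.4.27-2-686 and adds "although the code suggests it might". One test on one flavour is thin evidence for a missing io_bitmap invalidation in exit_thread; please record the code-level reason 2.4 is unaffected, or leave the 2.4 fields open instead of N/A. The second and third lines of that note also lack the "Horms>" prefix, so the attribution is lost if the lines are ever reflowed.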

Copied: patch-tracking/retired/CVE-2004-2607 (from rev 520, patch-tracking/CVE-2004-2607)
===================================================================
--- patch-tracking/CVE-2004-2607	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-2607	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-2607 
+References: 
+ http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
+Description: 
+ A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
+ 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
+ kernel memory via a large len argument, which is received as an int but
+ cast to a short, which prevents a read loop from filling a buffer.
+Notes: 
+ jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
+ jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
+ jmm> be double-checked against the source though, but my bandwidth is currently
+ jmm> too slim to download 2.6.8
+ jmm>
+ jmm> The fix below is for a completely different issue, I've split it out
+ horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
+ horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
+Bugs: 
+upstream: released (2.4.33-pre2), released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
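Review bot: all seven woody fields are empty while the last Notes line says "Woody is likely vulnerable", so this record is being retired with an open question on a kernel memory disclosure. Fill the woody fields with an explicit status before the move. In the same Notes block, jmm's "The fix below is for a completely different issue, I've split it out" points at nothing in this file any more; drop it or name the record the other fix was moved to.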

Copied: patch-tracking/retired/CVE-2004-2660 (from rev 520, patch-tracking/CVE-2004-2660)
===================================================================
--- patch-tracking/CVE-2004-2660	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2004-2660	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,17 @@
+Candidate: CVE-2004-2660
+References: 
+Description: 
+Notes: 
+ jmm> This was only covered by MITRE in May 2006
+ jmm> Vulnerable code not present in 2.4
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
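Review bot: "2.6.8-sarge-security: needed" is still set, which conflicts with placing this file under retired/. Either the sarge 2.6.8 fix has shipped and the field should read released with the version and patch name, or the record should stay in the active directory. References and Description are both empty as well, so nothing in the record says what the issue is; a reader has only "Vulnerable code not present in 2.4" to go on.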

Copied: patch-tracking/retired/CVE-2005-0001 (from rev 520, patch-tracking/CVE-2005-0001)
===================================================================
--- patch-tracking/CVE-2005-0001	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0001	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,42 @@
+Candidate: CVE-2005-0001
+References: 
+ BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
+ FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
+ MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
+ XF:linux-fault-handler-gain-privileges(18849)
+ URL:http://xforce.iss.net/xforce/xfdb/18849
+Description: 
+ Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to
+ 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor
+ machines, allows local users to execute arbitrary code via concurrent threads
+ that share the same virtual memory space and simultaneously request stack
+ expansion.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)
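Review bot: "upstream:" and "linux-2.6:" are left empty even though the Description gives affected ranges ending at 2.4.29 and 2.6.10 and every Debian branch below lists a fixed version. Please record the upstream releases that carry the expand-stack fix and set linux-2.6 to a definite value, so the retired record can be read without consulting the references.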

Copied: patch-tracking/retired/CVE-2005-0003 (from rev 520, patch-tracking/CVE-2005-0003)
===================================================================
--- patch-tracking/CVE-2005-0003	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0003	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-0003
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
+ BID:12261
+ URL:http://www.securityfocus.com/bid/12261
+ XF:linux-vma-gain-privileges(18886)
+ URL:http://xforce.iss.net/xforce/xfdb/18886
+Description: 
+ The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit
+ architectures, does not properly check for overlapping VMA (virtual memory
+ address) allocations, which allows local users to cause a denial of service
+ (system crash) or execute arbitrary code via a crafted ELF or a.out file.
+Notes: 
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos2.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2005-0090 (from rev 520, patch-tracking/CVE-2005-0090)
===================================================================
--- patch-tracking/CVE-2005-0090	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0090	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0090
+References: 
+ A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch omits an "access check," which allows local users to cause a denial
+ of service (crash).
+Description:
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20618
+Notes:
+ Red Hat specific vulnerability
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
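Review bot: the contents of References and Description are swapped here: the three-line summary beginning "A regression error in the Red Hat Enterprise Linux 4 kernel" sits under References, and the three URLs sit under Description. Anything that parses these fields will pick up the wrong data, so swap them back. "upstream:" is also empty while the two neighbouring Red Hat-specific records use "upstream: N/A"; make it consistent.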

Copied: patch-tracking/retired/CVE-2005-0091 (from rev 520, patch-tracking/CVE-2005-0091)
===================================================================
--- patch-tracking/CVE-2005-0091	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0091	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0091
+References: 
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20619
+Description: 
+ Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch, when using the hugemem kernel, allows local users to read and write to
+ arbitrary kernel memory and gain privileges via certain syscalls.
+Notes:
+ Red Hat specific. 
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2005-0092 (from rev 520, patch-tracking/CVE-2005-0092)
===================================================================
--- patch-tracking/CVE-2005-0092	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0092	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0092
+References: 
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://www.securityfocus.com/bid/12599
+ http://xforce.iss.net/xforce/xfdb/20620
+Description: 
+ Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split
+ patch, when running on x86 with the hugemem kernel, allows local users to
+ cause a denial of service (crash).
+Notes:
+ Red Hat specific. 
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2005-0135 (from rev 520, patch-tracking/CVE-2005-0135)
===================================================================
--- patch-tracking/CVE-2005-0135	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0135	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0135
+References: 
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:366
+ URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
+ SECUNIA:15019
+ URL:http://secunia.com/advisories/15019
+Description: 
+ The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in
+ Linux kernel 2.6 allows local users to cause a denial of service (system
+ crash).
+Notes: 
+ dannf> This is fixed in kernel-patch-2.4.27-ia64
+Bugs: 
+upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2005-0136 (from rev 520, patch-tracking/CVE-2005-0136)
===================================================================
--- patch-tracking/CVE-2005-0136	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0136	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,18 @@
+Candidate: CVE-2005-0136
+References: 
+ ** RESERVED **
+Description: 
+Notes: 
+ dannf> This is fixed in kernel-patch-2.4.27-ia64
+Bugs: 
+upstream: released (linux-2.4.29-ia64-050312.diff, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch]
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
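Review bot: Description is empty and References holds only "** RESERVED **", so the only hint at what was fixed is the pair of patch names on the 2.6.8-sarge-security line. Add a one-line summary taken from those patches so the record is usable on its own. The seven woody fields are blank too; since the note says the fix lives in kernel-patch-2.4.27-ia64, state explicitly whether the woody ia64 kernel is affected.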

Copied: patch-tracking/retired/CVE-2005-0137 (from rev 520, patch-tracking/CVE-2005-0137)
===================================================================
--- patch-tracking/CVE-2005-0137	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0137	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0137
+References: 
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:293
+ URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
+Description: 
+ Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a
+ denial of service via a "missing Itanium syscall table entry."
+Notes: 
+ dannf> This is actually 2.4 specific - the mitre description is incorrect.
+Bugs: 
+upstream: released (2.4.30-rc2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
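Review bot: dannf's note says the issue "is actually 2.4 specific", yet every woody field, all of them 2.4 kernels, is left blank. At minimum 2.4.17-woody-security-ia64 needs a verdict, and the non-ia64 woody kernels can be marked N/A given that the Description limits the issue to Itanium. Also worth confirming the patch reference: the file is named 165_arch-ia64-kernel-missing-sysctl.diff while the Description speaks of a missing syscall table entry.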

Copied: patch-tracking/retired/CVE-2005-0176 (from rev 521, patch-tracking/CVE-2005-0176)
===================================================================
--- patch-tracking/CVE-2005-0176	2006-08-14 01:02:16 UTC (rev 521)
+++ patch-tracking/retired/CVE-2005-0176	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-0176
+References: 
+ http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+ http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+ http://oval.mitre.org/oval/definitions/data/oval1225.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30
+Description: 
+ The shmctl function in Linux 2.6.9 and earlier allows local users to unlock
+ the memory of other processes, which could cause sensitive memory to be swapped
+ to disk, which could allow it to be read by other users once it has been released.
+Notes: 
+ It appears that 2.6.8 and earlier are not vulnerable as prior to the
+ following patch, local users could not effect lock or unlock
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642
+ That is, only 2.6.10 is effected.
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
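Review bot: the Notes conclusion "only 2.6.10 is effected" contradicts the Description's "2.6.9 and earlier", and "upstream:" is empty, so the record never states which release carries the fix. Please reconcile the affected range, fill in the upstream version, and attribute the note with a "name>" prefix like the other records. Minor: "effect" and "effected" in the Notes should be "affect" and "affected".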

Copied: patch-tracking/retired/CVE-2005-0177 (from rev 520, patch-tracking/CVE-2005-0177)
===================================================================
--- patch-tracking/CVE-2005-0177	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0177	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,26 @@
+Candidate: CVE-2005-0177
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+Description: 
+ nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows
+ attackers to cause a denial of service (kernel crash) via a buffer overflow.
+Notes: 
+ dannf> nls_ascii.c isn't in <= 2.4.27
+Bugs: 
+upstream: released (2.6.8.1, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-0178 (from rev 520, patch-tracking/CVE-2005-0178)
===================================================================
--- patch-tracking/CVE-2005-0178	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0178	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-0178
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
+Description: 
+ Race condition in the setsid function in Linux before 2.6.8.1 allows local
+ users to cause a denial of service (crash) and possibly access portions of
+ kernel memory, related to TTY changes, locking, and semaphores.
+Notes:
+ dannf> Alan Cox suggested that this is not a 2.4 issue:
+ Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
+ Alan> private not thread group so a setsid() can't race because you can't
+ Alan> setsid in the same thread as is opening current->tty. 
+Bugs: 
+upstream: released (2.6.8.1, 2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-0180 (from rev 520, patch-tracking/CVE-2005-0180)
===================================================================
--- patch-tracking/CVE-2005-0180	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0180	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0180
+References: 
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
+ http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:218
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.redhat.com/support/errata/RHSA-2005-092.html
+Description: 
+ Multiple integer signedness errors in the sg_scsi_ioctl function in 
+ scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel
+ memory via negative integers in arguments to the scsi ioctl, which
+ bypass a maximum length check before calling the copy_from_user and
+ copy_to_user functions.
+Notes: 
+ jmm> The 2.4.27 version, scsi_ioctl_send_command(), is not affected, as
+ jmm> intlen and outlen are unsigned ints
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-12) [031-sg_scsi_ioctl_int_overflows.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
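Review bot: jmm's note clears only the 2.4.27 code path ("intlen and outlen are unsigned ints"), but the seven woody fields are left blank rather than N/A. If the same unsigned declarations hold in the woody 2.4 sources, say so and mark them N/A; otherwise they remain unchecked for a kernel memory read/write issue. "upstream:" is empty as well.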

Copied: patch-tracking/retired/CVE-2005-0204 (from rev 520, patch-tracking/CVE-2005-0204)
===================================================================
--- patch-tracking/CVE-2005-0204	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0204	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0204
+References: 
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+Description: 
+ Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
+ architectures, allows local users to write to privileged IO ports via the OUTS
+ instruction.
+Notes: 
+ jmm> 190_outs-2.diff had regressions
+Bugs: 296700
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff]
+2.4.27-sid: released (2.4.27-12) [190_outs-2.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
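Review bot: the Notes line "190_outs-2.diff had regressions" sits beside "2.4.27-sid: released (2.4.27-12) [190_outs-2.diff]" with no indication of whether the regressions were resolved or whether 143_outs.diff alone is the accepted fix. Expand the note to say which patch is final and in which version the regression was addressed. "upstream:" is blank although the Description states the issue is fixed before 2.6.9, and the woody fields carry no status.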

Copied: patch-tracking/retired/CVE-2005-0207 (from rev 520, patch-tracking/CVE-2005-0207)
===================================================================
--- patch-tracking/CVE-2005-0207	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0207	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-0207
+References: 
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:003
+ URL:http://www.securityfocus.com/advisories/7880
+ BID:12330
+ URL:http://www.securityfocus.com/bid/12330
+ http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
+ http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
+Description: 
+ Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS
+ clients to cause a denial of service via O_DIRECT.
+Notes: 
+ dannf> The vulnerable code doesn't exist in <= 2.4.27
+Bugs: 
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-0209 (from rev 520, patch-tracking/CVE-2005-0209)
===================================================================
--- patch-tracking/CVE-2005-0209	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0209	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-0209
+References: 
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ http://oss.sgi.com/archives/netdev/2005-01/msg01072.html
+Description: 
+ Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of
+ service (kernel crash) via crafted IP packet fragments.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
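Review bot: "upstream:", "linux-2.6:" and all seven woody fields are empty for an issue the Description rates as a remote kernel crash. Since 2.4.27-sarge-security needed 134_skb_reset_ip_summed.diff, the woody 2.4 kernels plausibly need a verdict too; record released, needed or N/A for each before retiring the file, and name the upstream release that contains the fix.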

Copied: patch-tracking/retired/CVE-2005-0210 (from rev 520, patch-tracking/CVE-2005-0210)
===================================================================
--- patch-tracking/CVE-2005-0210	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0210	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-0210
+References: 
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description: 
+ Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of
+ service (memory consumption) via certain packet fragments that are reassembled
+ twice, which causes a data structure to be allocated twice.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-0384 (from rev 520, patch-tracking/CVE-2005-0384)
===================================================================
--- patch-tracking/CVE-2005-0384	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0384	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-0384
+References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0009
+ URL:http://www.trustix.org/errata/2005/0009/
+ UBUNTU:USN-95-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+Description: 
+ Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows
+ remote attackers to cause a denial of service (kernel crash) via a pppd
+ client.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff]
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
+2.4.18-woody-security-hppa: released (62.4)

Copied: patch-tracking/retired/CVE-2005-0400 (from rev 520, patch-tracking/CVE-2005-0400)
===================================================================
--- patch-tracking/CVE-2005-0400	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0400	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-0400
+References: 
+ BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
+ MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ XF:kernel-ext2-information-disclosure(19866)
+ URL:http://xforce.iss.net/xforce/xfdb/19866
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
+Description: 
+ The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not
+ properly initialize memory when creating a block for a new directory entry,
+ which allows local users to obtain potentially sensitive information by
+ reading the block.
+Notes: 
+Bugs: 301799 303294
+upstream: released (2.6.11.6)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-0449 (from rev 520, patch-tracking/CVE-2005-0449)
===================================================================
--- patch-tracking/CVE-2005-0449	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0449	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-0449
+References: 
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0449
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563\d82
+ http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
+Description: 
+ The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to
+ cause a denial of service (kernel crash) or bypass firewall rules via crafted
+ packets, which are not properly handled by the skb_checksum_help function.
+Notes: 
+ ** CHANGES ABI **
+ ipv4-fragment-queues-[1,2,2.1].dpatch are in sarge's 2.6.8.
+ ipv4-fragment-queues-[3,4].dpatch are awaiting an ABI event
+ .
+ 150_private_fragment_queues-[1,2].diff are awaiting a 2.4.27 ABI event
+Bugs: 
+upstream: released (2.6.8.1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [ipv4-fragment-queues-1.dpatch, ipv4-fragment-queues-2.dpatch, ipv4-fragment-queues-3.dpatch, ipv4-fragment-queues-4.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff]
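Review bot: the Notes block is stale relative to the status lines: it says ipv4-fragment-queues-[3,4].dpatch and 150_private_fragment_queues-[1,2].diff "are awaiting an ABI event", while both sarge fields now read released and list those same patches. Update the notes to say the ABI change shipped in 2.6.8-16sarge2 and 2.4.27-10sarge2, keeping the "** CHANGES ABI **" warning. The kernel.org commit URL in References contains a stray backslash inside the hash ("...00563\d82"), and the record has no woody fields at all.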

Copied: patch-tracking/retired/CVE-2005-0528 (from rev 520, patch-tracking/CVE-2005-0528)
===================================================================
--- patch-tracking/CVE-2005-0528	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0528	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0528
+References: 
+Description: 
+Notes: 
+ From Joey's 2.4.18-14.4 changelog:
+  * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
+    escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
+ jmm> Isn't this CVE-2004-0077?
+ dannf> Looks like this is a different issue.  Joey's patch is here:
+  http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
+ dannf> But it doesn't look like mitre has released the details yet:
+  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0528
+ jmm> The patch is merged as of 2.4.27, but I'm not sure at which exact version
+ dannf> It looks like this would apply to 2.6, but isn't necessary because
+ dannf> its already fixed in a different way.  2.6 checks for a 0 new_len 
+ dannf> earlier and errors out
+ jmm> This turned out to be a dupe of CVE-2003-0985
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: released (2.4.19-4.woody3)
+2.4.18-woody-security: released (2.4.18-14.4)
+2.4.17-woody-security: released (2.4.17-1woody4)
+2.4.16-woody-security: released (2.4.16-1woody3)
+2.4.17-woody-security-hppa: released (32.5)
+2.4.17-woody-security-ia64: released (011226.18)
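
Review bot: Description and References are left empty although the Notes thread reaches a conclusion, jmm's last line: "This turned out to be a dupe of CVE-2003-0985". State that in Description so a reader of the retired file does not have to replay the whole exchange. The "upstream: N/A" line also sits oddly next to jmm's "The patch is merged as of 2.4.27"; either record the upstream version or say in Notes why N/A is correct.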

Copied: patch-tracking/retired/CVE-2005-0529 (from rev 520, patch-tracking/CVE-2005-0529)
===================================================================
--- patch-tracking/CVE-2005-0529	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0529	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-0529
+References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description: 
+ Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset
+ arguments to the proc_file_read and locks_read_proc functions, which leads to
+ a heap-based buffer overflow when a signed comparison causes negative integers
+ to be used in a positive context.
+Notes: 
+ dannf> 2.4 doesn't do the signed cast, so it shouldn't be vulnerable
+Bugs: 
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-0530 (from rev 520, patch-tracking/CVE-2005-0530)
===================================================================
--- patch-tracking/CVE-2005-0530	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0530	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,38 @@
+Candidate: CVE-2005-0530
+References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description: 
+ Signedness error in the copy_from_read_buf function in n_tty.c for Linux
+ kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a
+ negative argument.
+Notes: 
+ dannf> This doesn't affect 2.4:
+  marcello> v2.4 does not suffer from the issue mentioned by Guninski because 
+  marcello> the first argument of the arithmetic comparison is not casted
+  marcello> to a "signed" value:
+ .
+  marcello> n = min((ssize_t)*nr, n);
+ .
+  marcello> That was the problem in v2.6, where an unsigned value bigger than
+  marcello> 2^31 would be treated as a negative signed.
+Bugs: 
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
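
Review bot: the quoted code line in Notes is ambiguous about which kernel it comes from. marcello's text says 2.4 is safe because the first argument is not cast to a signed value, and the very next line shown is "n = min((ssize_t)*nr, n);", which does contain the signed cast. Label that line as the 2.6 code (the following sentence, "That was the problem in v2.6", implies it) so nobody reads it as the 2.4 source and concludes the N/A statuses are wrong.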

Copied: patch-tracking/retired/CVE-2005-0531 (from rev 520, patch-tracking/CVE-2005-0531)
===================================================================
--- patch-tracking/CVE-2005-0531	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0531	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-0531
+References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description: 
+ The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
+ 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative
+ arguments.
+Notes: 
+Bugs: 
+upstream: released (2.6.11-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff]
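
Review bot: the 2.4.27-sarge-security line records a fix (151_atm_get_addr_signedness_fix.diff), but the Description names only 2.6.10 and 2.6.11 before 2.6.11-rc4 as affected and Notes is empty. Add a note that 2.4 carries the same bug, otherwise the 2.4.27 upload looks unexplained. The woody branch lines that the neighbouring entries carry are missing here altogether; add them with an explicit status.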

Copied: patch-tracking/retired/CVE-2005-0532 (from rev 520, patch-tracking/CVE-2005-0532)
===================================================================
--- patch-tracking/CVE-2005-0532	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0532	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2005-0532
+References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+Description: 
+ The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
+ Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit
+ architectures, may allow local users to trigger a buffer overflow as a result
+ of casting discrepancies between size_t and int data types.
+Notes: 
+ dannf> Vulnerable code didn't exist in 2.4
+Bugs: 
+upstream: released (2.6.11-rc3)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
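
Review bot: the fix version is inconsistent within this entry. Description says the issue affects "2.6.11 before 2.6.11-rc4", but the status line says "upstream: released (2.6.11-rc3)". One of the two is off by a release candidate; check the referenced changeset and make them agree.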

Copied: patch-tracking/retired/CVE-2005-0736 (from rev 520, patch-tracking/CVE-2005-0736)
===================================================================
--- patch-tracking/CVE-2005-0736	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0736	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0736
+References: 
+ http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
+ http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d
+ http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+ http://www.securityfocus.com/bid/12763
+Description: 
+ Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11
+ allows local users to overwrite kernel memory via a large number of events.
+Notes: 2.4.* doesn't have epoll()
+Bugs: 
+upstream: released (2.6.11.2)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
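
Review bot: "2.6.8-sarge-security: N/A" has no justification in this entry. Description gives the affected range as "2.6 to 2.6.11" and upstream fixed it in 2.6.11.2, so 2.6.8 falls inside the range; the only note covers 2.4 ("2.4.* doesn't have epoll()"). Add a line explaining why sarge's 2.6.8 is not affected, or correct the status. The note is also unattributed and sits on the "Notes:" line itself, unlike the "name>" convention used in the other entries.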

Copied: patch-tracking/retired/CVE-2005-0749 (from rev 520, patch-tracking/CVE-2005-0749)
===================================================================
--- patch-tracking/CVE-2005-0749	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0749	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0749
+References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
+ XF:kernel-loadelflibrary-dos(19867)
+ URL:http://xforce.iss.net/xforce/xfdb/19867
+Description: 
+ The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to
+ cause a denial of service (kernel crash) via a crafted ELF library or
+ executable, which causes a free of an invalid pointer.
+Notes: 
+Bugs: 301799, 303498
+upstream: released (2.6.11.6)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
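
Review bot: all seven woody lines at the end of this entry are left blank, which in a file moved to retired/ reads as "never evaluated" rather than "not affected". Since 2.4.27 needed 158_fs-binfmt_elf-dos.diff, the older 2.4 woody kernels are plausible candidates; give each line an explicit status (N/A, ignored, or the fixed version) or add a Notes line saying why woody was not assessed.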

Copied: patch-tracking/retired/CVE-2005-0750 (from rev 520, patch-tracking/CVE-2005-0750)
===================================================================
--- patch-tracking/CVE-2005-0750	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0750	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-0750
+References: 
+ BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
+ FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ XF:kernel-bluezsockcreate-integer-underflow(19844)
+ URL:http://xforce.iss.net/xforce/xfdb/19844
+Description: 
+ The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6
+ through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain
+ privileges via (1) socket or (2) socketpair call with a negative protocol
+ value.
+Notes: 
+Bugs: 301799
+upstream: released (2.6.11.5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
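
Review bot: the upstream status overlaps with the affected range in Description. Description says 2.6 "through 2.6.11.5" is vulnerable, while the status line says "upstream: released (2.6.11.5)". Both cannot be right for the same version; confirm the first fixed 2.6.11.y release and correct whichever line is wrong. The line also gives no 2.4 upstream version although Description lists 2.4.6 through 2.4.30-rc1 as affected.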

Copied: patch-tracking/retired/CVE-2005-0756 (from rev 520, patch-tracking/CVE-2005-0756)
===================================================================
--- patch-tracking/CVE-2005-0756	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0756	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,19 @@
+Candidate: CVE-2005-0756
+References: 
+ http://www.ubuntulinux.org/support/documentation/usn/usn-137-1 
+Description: 
+ ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform,
+ which allows local users to cause a denial of service (kernel crash).
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
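
Review bot: "upstream:" and "linux-2.6:" are both empty, so this retired entry never says where the fix landed upstream or whether the current linux-2.6 package has it. The 2.4.27-sarge-security line also records "released (2.4.27-10sarge1)" with no patch name in brackets, unlike the 2.6.8 line, and the only reference is a USN. Fill in the upstream version and the 2.4.27 patch file name, or note that they could not be determined.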

Copied: patch-tracking/retired/CVE-2005-0757 (from rev 520, patch-tracking/CVE-2005-0757)
===================================================================
--- patch-tracking/CVE-2005-0757	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0757	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-0757
+References: 
+Description: 
+ source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
+ inclusion: upstream code has been reworked and doesn't appear vulnerable
+ descrition: on 64 bit architectures incorrect handling of xattr offsets
+             may cause a local DoS
+ revision date: Fri, 29 Jul 2005 12:04:57 +0900
+Notes: 
+Bugs: 
+upstream: 
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-ext3-64bit-offset.dpatch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
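
Review bot: the Description field holds tracking metadata (source, inclusion, revision date) rather than a description, and the actual description is nested inside it under a misspelled key, "descrition:". Move the sentence about xattr offsets on 64-bit architectures up as the Description text and put the provenance lines under Notes. "upstream:" is empty even though the "inclusion:" line says upstream was reworked and does not appear vulnerable; record that as the upstream status. The 2.4.27 line also comes before linux-2.6 here, out of order with the other entries.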

Copied: patch-tracking/retired/CVE-2005-0767 (from rev 520, patch-tracking/CVE-2005-0767)
===================================================================
--- patch-tracking/CVE-2005-0767	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0767	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0767
+References: 
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
+Description: 
+ Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows
+ local users with DRI privileges to execute arbitrary code as root.
+Notes: 
+ horms> For the record:
+ horms> The patch seems to already be present in 2.6.11.
+ horms> And the bug does not seem to be present in 2.4.27.
+Bugs: 297203
+upstream: released (2.6.11-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-15)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2005-0815 (from rev 520, patch-tracking/CVE-2005-0815)
===================================================================
--- patch-tracking/CVE-2005-0815	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0815	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-0815
+References: 
+ BUGTRAQ:20050317 Linux ISO9660 handling flaws
+ URL:http://www.securityfocus.com/archive/1/393590
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ BID:12837
+ URL:http://www.securityfocus.com/bid/12837
+ XF:kernel-iso9660-filesystem(19741)
+ URL:http://xforce.iss.net/xforce/xfdb/19741
+Description: 
+ Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux
+ 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt
+ memory via a crafted filesystem.
+Notes: 
+Bugs: 301799
+upstream: released (2.6.12-rc1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-0839 (from rev 520, patch-tracking/CVE-2005-0839)
===================================================================
--- patch-tracking/CVE-2005-0839	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0839	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0839
+References: 
+ MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
+ URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ
+Description: 
+ Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line
+ discipline for a TTY, which allows local users to gain privileges by injecting
+ mouse or keyboard events into other user sessions.
+Notes: 
+ dannf> This file isn't in <= 2.4.27
+Bugs: 301372
+upstream: released (2.6.11)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
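
Review bot: the note "This file isn't in <= 2.4.27" does not say which file. The entry never names a source file; the only hint is the patch name drivers-input-serio-nmouse.dpatch on the 2.6.8 line. Name the file in the note so the N/A statuses for the 2.4 branches can be verified without opening the patch.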

Copied: patch-tracking/retired/CVE-2005-0867 (from rev 520, patch-tracking/CVE-2005-0867)
===================================================================
--- patch-tracking/CVE-2005-0867	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0867	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0867
+References: 
+ http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description: 
+ Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel
+ memory by writing to a sysfs file.
+Notes: 
+ horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to
+ horms> have this bug. 2.4.27 does not include sysfs, and thus
+ horma> also does not have this bug.
+ jmm> The patch for the vulnerability in question can be found in the BTS
+Bugs: 306137
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
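
Review bot: the third line of the first note is attributed to "horma>" instead of "horms>", which breaks any grep by author and looks like a different person. Separately, "upstream:" is blank although jmm says a patch exists in the BTS; record the upstream fix version or say it is unknown, since every Debian branch is marked N/A on the strength of horms' reading alone.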

Copied: patch-tracking/retired/CVE-2005-0916 (from rev 520, patch-tracking/CVE-2005-0916)
===================================================================
--- patch-tracking/CVE-2005-0916	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-0916	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-0916
+References: 
+ http://groups-beta.google.com/group/linux.kernel/browse_thread/thread/13b43bd5783842f6/7ce3c5a514a497ab
+ http://linux.bkbits.net:8080/linux-2.6/cset%404248c8c0es30_4YVdwa6vteKi7h_nw
+ http://www.novell.com/linux/security/advisories/2005_50_kernel.html
+Description: 
+ AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with
+ CONFIG_HUGETLB_PAGE enabled allows local panic) via a process that executes
+ the io_queue_init function but exits without running io_queue_release, which
+ to fail.
+Notes: 
+Bugs: 
+upstream: released (2.6.12)
+linux-2.6: released (2.6.12-1)
+2.6.8-sarge-security: released (2.6.8-16) [arch-ppc64-hugepage-aio-panic.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
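
Review bot: the Description has lost words and no longer parses: "allows local panic) via a process" is missing the text between "local" and "panic)", and the final clause "which to fail." is missing its subject and verb. Re-copy the description from the CVE entry rather than retiring the damaged text. The 2.4.18-woody-security-hppa line present in neighbouring entries is also absent here.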

Copied: patch-tracking/retired/CVE-2005-1041 (from rev 520, patch-tracking/CVE-2005-1041)
===================================================================
--- patch-tracking/CVE-2005-1041	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1041	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-1041
+References: 
+ http://marc.theaimsgroup.com/?l=bk-commits-head&m=111186506706769&w=2
+Description: 
+ The fib_seq_start function in fib_hash.c in Linux kernel allows local
+ users to cause a denial of service (system crash) via /proc/net/route.
+Notes: 
+ horms> 2.4.27 is not effected by 304548 as the buggy code is a complete
+ horms> rework for 2.6. I looked over the way that proc/route is handled
+ horms> for 2.4.27, and it seems fine.
+Bugs: 304548
+upstream: released (2.6.11.5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
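
Review bot: the Description gives no affected version range ("in Linux kernel allows local users"), so there is nothing to check "upstream: released (2.6.11.5)" against. Add the range from the CVE entry. The 2.6.8-sarge-security line records 2.6.8-16 without a patch name, and the note refers to the issue by its bug number ("not effected by 304548", where "effected" should be "affected") rather than by the CVE id this file is named after.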

Copied: patch-tracking/retired/CVE-2005-1263 (from rev 520, patch-tracking/CVE-2005-1263)
===================================================================
--- patch-tracking/CVE-2005-1263	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1263	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-1263
+References: 
+ BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation
+ URL:http://www.securityfocus.com/archive/1/397966
+ MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
+ FRSIRT:ADV-2005-0524
+ URL:http://www.frsirt.com/english/advisories/2005/0524
+ OVAL:OVAL1122
+ URL:http://oval.mitre.org/oval/definitions/data/oval1122.html
+Description: 
+ The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to
+ 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users
+ to execute arbitrary code via an ELF binary that, in certain conditions
+ involving the create_elf_tables function, causes a negative length argument
+ to pass a signed integer comparison, leading to a buffer overflow.
+Notes: 
+Bugs: 
+upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: released (2.4.27-10)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
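
Review bot: the upstream line lists exactly the versions the Description names as the upper end of the vulnerable ranges. Description says "2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4" are affected, and the status says "upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4)". Clarify whether those releases contain the fix or are the last vulnerable ones. Neither sarge line names the patch that was applied, which makes the 2.6.8-16 and 2.4.27-10 claims hard to audit.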

Copied: patch-tracking/retired/CVE-2005-1368 (from rev 520, patch-tracking/CVE-2005-1368)
===================================================================
--- patch-tracking/CVE-2005-1368	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1368	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-1368
+References: 
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
+ http://linux.bkbits.net:8080/linux-2.6/cset%40423078fafVa6mAyny23YZ87hDipmTw
+Description: 
+ The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow
+ attackers to cause a denial of service (oops) via SMP.
+Notes: 
+ horms> The fix for CAN-2005-1368 is in SVN for 2.6.11.
+ horms> The code that this bug manifests in is not present
+ horms> in 2.6.8 or 2.4.27.
+ jmm> The code in question isn't present in Woody either
+Bugs: 
+upstream: released (2.6.11.8)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2005-1369 (from rev 520, patch-tracking/CVE-2005-1369)
===================================================================
--- patch-tracking/CVE-2005-1369	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1369	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-1369
+References: 
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
+ http://lkml.org/lkml/2005/4/20/159
+Description: 
+ The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8,
+ and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write
+ permissions, which allows local users to cause a denial of service (CPU
+ consumption) by attempting to write to the file, which does not have an
+ associated store function.
+Notes: 
+ jmm> These drivers are not present in 2.4
+Bugs: 307552
+upstream: released (2.6.11.8)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
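
Review bot: the upstream line records only one of the two fix points the Description mentions. Description says the issue affects "2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2", but the status is "upstream: released (2.6.11.8)". List the 2.6.12-rc2 fix as well, in the same two-version form other entries in this commit use for stable and mainline fixes. The 2.6.8-16 status also lacks a patch name.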

Copied: patch-tracking/retired/CVE-2005-1589 (from rev 520, patch-tracking/CVE-2005-1589)
===================================================================
--- patch-tracking/CVE-2005-1589	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1589	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-1589
+References: 
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=111630531515901&w=2
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
+ http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://www.frsirt.com/english/advisories/2005/0557
+Description: 
+ The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c)
+ in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before
+ passing an ioctl to the block device, which crosses security boundaries by
+ making kernel address space accessible from user space and allows local users
+ to cause a denial of service and possibly execute arbitrary code, a similar
+ vulnerability to CVE-2005-1264.
+Notes: 
+ horms> (discussing this and a similar problem):
+ horms> 2.6.8 is only vulnerable to the raw ioctl problem,
+ horms> which I believe is CAN-2005-1264.
+ horms> (unstable/testing-proposed-updates) and sarge-security
+ horms> (testing-security) branches and it should appear in 2.6.8-16 and
+ horms> 2.6.8-15sarge1 respectively.
+ horms> 2.4.27 does not appear to be vulnerable to either of these problems.
+Bugs: 309429
+upstream: released (2.6.11.10), released (2.6.12-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
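
Review bot: horms' note has lost the start of a sentence between its third and fourth lines. After "which I believe is CAN-2005-1264." the text resumes with "(unstable/testing-proposed-updates) and sarge-security (testing-security) branches and it should appear in 2.6.8-16 and 2.6.8-15sarge1 respectively", with no subject saying what was committed or where. Restore the missing line from the original message. As written, the note also ties the 2.6.8 fix to CAN-2005-1264 rather than to this CVE, so say explicitly which patch justifies "released (2.6.8-16)" here.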

Copied: patch-tracking/retired/CVE-2005-1761 (from rev 520, patch-tracking/CVE-2005-1761)
===================================================================
--- patch-tracking/CVE-2005-1761	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1761	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-1761
+References: 
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54
+Description: 
+ Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users
+ to cause a denial of service (kernel crash) via ptrace and the
+ restore_sigcontext function.
+Notes: 
+ jmm> This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct?
+ dannf> 2.4 patch for ia64 from SuSE in: CVE-2005-1761-linux24.patch
+ dannf> Unfortunately, its against an older 2.4, so this doesn't apply
+ dannf> trivially
+Bugs: 
+upstream: released (2.6.12.1)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-private-tss.dpatch, arch-x86_64-nmi.dpatch, arch-ia64-ptrace-getregs-putregs.dpatch, arch-ia64-ptrace-restore_sigcontext.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [204_arch-ia64-ptrace-getregs-putregs.diff, 205_arch-ia64-ptrace-restore_sigcontext.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
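
Review bot: the 2.6.8-sarge-security patch list includes arch-x86_64-private-tss.dpatch and arch-x86_64-nmi.dpatch, but the Description scopes this CVE to the IA64 architecture. Either those two x86_64 patches belong to another entry or the note needs to explain why they are part of this fix. jmm's question in Notes ("This uses arch-ia64-ptrace-restore_sigcontext.dpatch, correct?") is still unanswered, and dannf's remark that the SuSE 2.4 patch "doesn't apply trivially" is not reconciled with the 2.4.27-10sarge2 release recorded below it.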

Copied: patch-tracking/retired/CVE-2005-1762 (from rev 520, patch-tracking/CVE-2005-1762)
===================================================================
--- patch-tracking/CVE-2005-1762	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1762	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-1762
+References: 
+ http://www.novell.com/linux/security/advisories/2005_29_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
+ http://secunia.com/advisories/15786
+Description: 
+ The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
+ platform allows local users to cause a denial of service (kernel
+ crash) via a "non-canonical" address. 
+Notes: 
+Bugs: 
+upstream: released (2.6.12-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
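
Review bot: the 2.4.27-sarge-security line names its patch "169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch", with a .dpatch suffix, whereas the other 2.4.27 entries in this commit use numbered .diff files (for example 204_arch-ia64-ptrace-getregs-putregs.diff). Check the file name against the 2.4.27 source package. The Description also limits the issue to 2.6.8.1 and 2.6.10, and Notes is empty, so nothing explains why a 2.4.27 fix was needed.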

Copied: patch-tracking/retired/CVE-2005-1763 (from rev 520, patch-tracking/CVE-2005-1763)
===================================================================
--- patch-tracking/CVE-2005-1763	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1763	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-1763
+References: 
+ http://www.novell.com/linux/security/advisories/2005_29_kernel.html
+Description: 
+ Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows
+ local users to write bytes into kernel memory.
+Notes: 
+ dannf> The patch we have is only for x86_64.  This code was very different
+ dannf> in 2.4, and we don't ship 2.4/amd64, so we can probably drop this one.
+ dannf> The question is, does this affect other 64-bit archs?
+Bugs: 
+upstream: released (2.6.12-rc5)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-boundary-check.dpatch]
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
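
Review bot: the entry is being retired with an open question in Notes, dannf's "does this affect other 64-bit archs?", and a 2.4.27 status of "ignored (2.4.27-10sarge4)". The Description says "64-bit architectures" in general, while the only patch is x86_64-specific. Record the answer for the other 64-bit ports, or state that it was never determined, and give the reason for "ignored" on the status line's note rather than leaving it implied by "we can probably drop this one".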

Copied: patch-tracking/retired/CVE-2005-1764 (from rev 520, patch-tracking/CVE-2005-1764)
===================================================================
--- patch-tracking/CVE-2005-1764	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1764	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-1764
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1764
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
+ URL:http://freshmeat.net/articles/view/1678/
+Description: 
+ Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
+ page for the 47-bit address page to protect against an AMD K8 bug,
+ which allows local users to cause a denial of service.
+Notes: 
+ horms> I believe that only 2.6.11 is vulnerable to this
+upstream: released (2.6.11.11)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
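
Review bot: In References, the second CONFIRM line has "Reference: SUSE:SUSE-SA:2005:029" fused onto the end of the commitdiff URL, so the URL no longer ends at the commit hash and the SUSE advisory is not a separate reference. Move the SUSE reference onto its own line.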

Copied: patch-tracking/retired/CVE-2005-1765 (from rev 520, patch-tracking/CVE-2005-1765)
===================================================================
--- patch-tracking/CVE-2005-1765	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1765	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-1765
+References: 
+ http://www.novell.com/linux/security/advisories/2005_29_kernel.html
+ http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
+Description: 
+ syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform,
+ when running in 32-bit compatibility mode, allows local users to cause
+ a denial of service (kernel hang) via crafted arguments.
+Notes: 
+ jmm> I've extracted the patch from the Ubuntu update (CVE-2005-1765.patch)
+ dannf> This code was very different in 2.4, and we don't ship 2.4/amd64, so
+        I'll mark 2.4 N/A
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-mmap.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
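
Review bot: "upstream:" and "linux-2.6:" are both empty in an entry that is being retired. The Notes say the patch was extracted from the Ubuntu update, so the upstream fix version is not recorded anywhere in this file; fill in both fields, or state in Notes why they cannot be determined.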

Copied: patch-tracking/retired/CVE-2005-1767 (from rev 522, patch-tracking/CVE-2005-1767)
===================================================================
--- patch-tracking/CVE-2005-1767	2006-08-14 01:31:55 UTC (rev 522)
+++ patch-tracking/retired/CVE-2005-1767	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-1767
+References: 
+ CONFIRM:http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e
+ http://www.novell.com/linux/security/advisories/2005_44_kernel.html
+ http://www.ubuntu.com/usn/usn-187-1
+Description: 
+ traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception
+ stack, which allows local users to cause a denial of service (oops and stack fault exception).
+Notes: 
+ This is already fixed in 2.6 and added for completeness.
+ Horms> This is amd64 specific, and thus should not affect 2.4
+Bugs: 
+upstream: released (2.6.12, 2.4.32)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-stack-faults.dpatch, arch-x86_64-nmi.dpatch, arch-x86_64-kernel-stack-faults.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [181_arch-x86_64-kernel-stack-faults.diff]
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
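
Review bot: The 2.6.8-sarge-security line lists "arch-x86_64-kernel-stack-faults.dpatch" twice; drop the duplicate or replace it with the patch that was meant. The Notes also say the issue is amd64 specific and "should not affect 2.4", while 2.4.27-sarge-security is released with 181_arch-x86_64-kernel-stack-faults.diff and upstream lists 2.4.32. A Notes line explaining why the 2.4 patch was shipped would reconcile the two.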

Copied: patch-tracking/retired/CVE-2005-1768 (from rev 520, patch-tracking/CVE-2005-1768)
===================================================================
--- patch-tracking/CVE-2005-1768	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1768	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-1768
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1768
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
+ MISC:http://www.suresec.org/advisories/adv4.pdf
+Description: 
+ Race condition in the ia32 compatibility code for the execve system
+ call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
+ local users to cause a denial of service (kernel panic) and possibly
+ execute arbitrary code via a concurrent thread that increments a
+ pointer count after the nargs function has counted the pointers, but
+ before the count is copied from user space to kernel space, which
+ leads to a buffer overflow.
+Notes: 
+ 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
+upstream: released (2.4.31, 2.6.6)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: released (2.4.27-11)
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
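
Review bot: "2.4.17-woody-security-ia64:" is left blank although the Description covers 2.4 before 2.4.31 and the BUGTRAQ reference names ia64 as well as x86-64. The Notes only address amd64, so the woody ia64 kernel needs an explicit status, and the remaining woody lines a status or N/A, before this entry is retired.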

Copied: patch-tracking/retired/CVE-2005-1913 (from rev 520, patch-tracking/CVE-2005-1913)
===================================================================
--- patch-tracking/CVE-2005-1913	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-1913	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,37 @@
+Candidate: CVE-2005-1913
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1913
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050608
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14054
+ URL:http://www.securityfocus.com/bid/14054
+ SECUNIA:15786
+ URL:http://secunia.com/advisories/15786/
+ XF:kernel-subthread-dos(21138)
+ URL:http://xforce.iss.net/xforce/xfdb/21138
+Description: 
+ The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
+ denial of service (kernel panic) via a non group-leader thread
+ executing a different program than was pending in itimer, which causes
+ the signal to be delivered to the old group-leader task, which does
+ not exist.
+Notes: 
+upstream: released (2.6.12.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1) [linux-2.6.12.1.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-2098 (from rev 520, patch-tracking/CVE-2005-2098)
===================================================================
--- patch-tracking/CVE-2005-2098	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2098	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-2098
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2098
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description: 
+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
+ 2.6.12.5 contains an error path that does not properly release the
+ session management semaphore, which allows local users or remote
+ attackers to cause a denial of service (semaphore hang) via a new
+ session keyring (1) with an empty name string, (2) with a long name
+ string, (3) with the key quota reached, or (4) ENOMEM.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-2099 (from rev 520, patch-tracking/CVE-2005-2099)
===================================================================
--- patch-tracking/CVE-2005-2099	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2099	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2099
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2099
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description: 
+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring
+ that is not instantiated properly, which allows local users or remote
+ attackers to cause a denial of service (kernel oops) via a keyring
+ with a payload that is not empty, which causes the creation to fail,
+ leading toa null dereference in the keyring destructor.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
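
Review bot: Typo in the last line of the Description: "leading toa null dereference" should read "leading to a null dereference".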

Copied: patch-tracking/retired/CVE-2005-2100 (from rev 520, patch-tracking/CVE-2005-2100)
===================================================================
--- patch-tracking/CVE-2005-2100	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2100	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2100
+References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165547
+ REDHAT:RHSA-2005:514
+ URL:http://www.redhat.com/support/errata/RHSA-2005-514.html
+Description: 
+ The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in
+ Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows
+ local users to cause a denial of service (crash).
+Notes: 
+ horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear
+ in Upstream or Debian Kernels.
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
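
Review bot: The last line, "2.4.18-woody-security-hppa:", is empty while every other branch is N/A. The Notes say the bug exists only in the Red Hat 4G/4G patch, so this branch should be N/A too. "upstream:" is also blank; N/A would match the note that upstream is unaffected.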

Copied: patch-tracking/retired/CVE-2005-2456 (from rev 520, patch-tracking/CVE-2005-2456)
===================================================================
--- patch-tracking/CVE-2005-2456	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2456	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2456
+References: 
+ http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba;hp=ecade4893a139cc35d4fe345ce70242ede5358c4;hb=a4f1bac62564049ea4718c4624b0fadc9f597c84;f=net/xfrm/xfrm_user.c
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:219
+ http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:220
+ http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ http://www.novell.com/linux/security/advisories/2005_50_kernel.html
+ http://www.securityfocus.com/bid/14477
+ http://secunia.com/advisories/16298
+ http://secunia.com/advisories/16500
+ http://xforce.iss.net/xforce/xfdb/21710
+Description: 
+ Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
+ in Linux kernel 2.6 allows local users to cause a denial of service (oops
+ or deadlock) and possibly execute arbitrary code via a p->dir value that is
+ larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy
+ array.
+Notes: 
+Bugs: 321401
+upstream: 
+linux-2.6: released (2.6.12-2)
+2.6.8-sarge-security: released (2.6.8-16sarge1)
+2.4.27-sarge-security: released (2.4.27-10sarge1) [176_ipsec-array-overflow.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
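
Review bot: "upstream:" is empty even though References links the upstream commit a4f1bac62564049ea4718c4624b0fadc9f597c84 in linux-2.6.git; record the release that contains it. The linux-2.6 and 2.6.8-sarge-security lines are marked released without a patch name in brackets, unlike the 2.4.27-sarge-security line.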

Copied: patch-tracking/retired/CVE-2005-2457 (from rev 520, patch-tracking/CVE-2005-2457)
===================================================================
--- patch-tracking/CVE-2005-2457	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2457	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-2457
+References: 
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2457
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ BID:14614
+ URL:http://www.securityfocus.com/bid/14614
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description: 
+ The driver for compressed ISO file systems (zisofs) in the Linux
+ kernel before 2.6.12.5 allows local users and remote attackers to
+ cause a denial of service (kernel crash) via a crafted compressed ISO
+ file system.
+upstream: released (2.6.12.5)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [zisofs.diff]
+2.4.27-sid/sarge: pending [187_zisofs-2.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [187_zisofs-2.diff]
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
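
Review bot: "2.4.27-sid/sarge: pending [187_zisofs-2.diff]" is still pending in a file being moved to retired/. Confirm the upload happened and change the line to released with its version, or leave the entry active until it does.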

Copied: patch-tracking/retired/CVE-2005-2458 (from rev 520, patch-tracking/CVE-2005-2458)
===================================================================
--- patch-tracking/CVE-2005-2458	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2458	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-2458
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050805
+ Category: SF
+ MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file
+ URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description: 
+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
+ allows remote attackers to cause a denial of service (kernel crash)
+ via a compressed file with "improper tables".
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-2459 (from rev 520, patch-tracking/CVE-2005-2459)
===================================================================
--- patch-tracking/CVE-2005-2459	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2459	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-2459
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459
+ MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description: 
+ The huft_build function in inflate.c in the zlib routines in the Linux
+ kernel before 2.6.12.5 returns the wrong value, which allows remote
+ attackers to cause a denial of service (kernel crash) via a certain
+ compressed file that leads to a null pointer dereference, a different
+ vulnerability than CVE-2005-2458.
+Notes: 
+ This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
+ We included the broken fix in the sarge1 releases, so this backs it out.
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12.3)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
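
Review bot: The status lines do not reflect the Notes. The Notes say the 2.6.12.5 fix was bogus, was reverted in 2.6.12.6 and went into the sarge1 releases, but the sarge lines still read as "released" at sarge1 with the same zlib patch and nothing names the version or patch that backs it out. Add that version to the status lines. Separately, "linux-2.6: released (2.6.12.3)" looks like a mistyped Debian version; CVE-2005-2457 and CVE-2005-2458 use "2.6.12-3" for the same update.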

Copied: patch-tracking/retired/CVE-2005-2490 (from rev 520, patch-tracking/CVE-2005-2490)
===================================================================
--- patch-tracking/CVE-2005-2490	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2490	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,36 @@
+Candidate: CVE-2005-2490
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2490
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14785
+ URL:http://www.securityfocus.com/bid/14785
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-sendmsg-bo(22217)
+ URL:http://xforce.iss.net/xforce/xfdb/22217
+Description: 
+ Stack-based buffer overflow in the sendmsg function call in the Linux
+ kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
+ by calling sendmsg and modifying the message contents in another
+ thread.
+upstream: released (2.6.13.1), released (2.4.33-pre1)
+linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-stackoverflow.patch, linux-2.6.13.1.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sendmsg-stackoverflow.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
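
Review bot: "upstream:" lists a 2.4 fix (2.4.33-pre1), but both 2.4.27 lines are N/A and there is no Notes field saying why 2.4.27 is unaffected. Add a note or a real status for 2.4.27. In the Description, "allows local users execute arbitrary code" is missing "to".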

Copied: patch-tracking/retired/CVE-2005-2492 (from rev 520, patch-tracking/CVE-2005-2492)
===================================================================
--- patch-tracking/CVE-2005-2492	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2492	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-2492
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2492
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14787
+ URL:http://www.securityfocus.com/bid/14787
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-rawsendmsg-obtain-information(22218)
+ URL:http://xforce.iss.net/xforce/xfdb/22218
+Description: 
+ The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
+ allows local users to cause a denial of service (change hardware
+ state) or read from arbitrary memory via crafted input.
+upstream: released (2.6.13.1)
+linux-2.6: released (2.6.12-7, 2.6.13-1) [sendmsg-DoS.patch, linux-2.6.13.1.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-2548 (from rev 520, patch-tracking/CVE-2005-2548)
===================================================================
--- patch-tracking/CVE-2005-2548	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2548	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-2548
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050812
+ Category: SF
+ CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
+Description: 
+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
+ denial of service (kernel oops from null dereference) via certain UDP
+ packets that lead to a function call with the wrong argument, as
+ demonstrated using snmpwalk on snmpd.
+upstream: released (2.4.29)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
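
Review bot: "upstream: released (2.4.29)" does not fit the rest of the entry: the Description names kernel 2.6.8, the only patched branch is 2.6.8-sarge-security, and both 2.4.27 lines are N/A. Check whether the upstream version is a copy-and-paste error; if 2.4.29 is correct, the 2.4.27 lines need a reason for N/A.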

Copied: patch-tracking/retired/CVE-2005-2553 (from rev 520, patch-tracking/CVE-2005-2553)
===================================================================
--- patch-tracking/CVE-2005-2553	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2553	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2553
+References: 
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
+ CONFIRM:http://lkml.org/lkml/2005/1/5/245
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
+Description: 
+ The find_target function in ptrace32.c in the Linux kernel 2.4.x
+ before 2.4.29 does not properly handle a NULL return value from
+ another function, which allows local users to cause a denial of
+ service (kernel crash/oops) by running a 32-bit ltrace program with
+ the -i option on a 64-bit executable program.
+Bugs: 
+upstream: released (2.4.29)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
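
Review bot: "2.4.27-sid/sarge:" is still pending with 184_arch-x86_64-ia32-ptrace32-oops.diff, so the fix is not recorded as uploaded there while the entry is retired. Update it to released with the version. The woody lines are blank even though the Description covers 2.4.x before 2.4.29; give them a status or N/A.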

Copied: patch-tracking/retired/CVE-2005-2555 (from rev 520, patch-tracking/CVE-2005-2555)
===================================================================
--- patch-tracking/CVE-2005-2555	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2555	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-2555
+References: 
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2555
+Description: 
+ Linux kernel 2.6.x does not properly restrict socket policy access to users
+ with the CAP_NET_ADMIN capability, which could allow local users to conduct
+ unauthorized activities via (1) ipv4/ip_sockglue.c and
+ (2) ipv6/ipv6_sockglue.c.
+Notes: 
+Bugs: 
+upstream: released (2.6.13)
+linux-2.6: released (2.6.13-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
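
Review bot: Both sarge lines are marked released without a patch name in brackets, and Notes and Bugs are empty, so nothing in this file ties the fix to a specific patch. Add the dpatch/diff names as the other entries do.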

Copied: patch-tracking/retired/CVE-2005-2708 (from rev 520, patch-tracking/CVE-2005-2708)
===================================================================
--- patch-tracking/CVE-2005-2708	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2708	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2708
+References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161925
+Description: 
+ The search_binary_handler function in exec.c in Linux kernel on 64-bit x86
+ architectures does not check a return code for a particular function call when
+ virtual memory is low, which allows local users to cause a denial of service
+ (panic), as demonstrated by running a process using the bash ulimit -v
+ command.
+Notes:
+ This bug only affects 2.4 and AMD64, a combination that does not exist in
+ Debian
+Bugs: 
+upstream: released (2.4.33-pre1)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
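
Review bot: "2.4.18-woody-security-hppa:" is empty while all other branches are N/A. The Notes say the bug needs 2.4 on AMD64, so the hppa branch should be N/A as well.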

Copied: patch-tracking/retired/CVE-2005-2709 (from rev 520, patch-tracking/CVE-2005-2709)
===================================================================
--- patch-tracking/CVE-2005-2709	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2709	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-2709
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob_plain;h=5dbbdc13a7bdbc132de44bc00e13079afaf033d0;f=2.6.14.1/cve-2005-2709-sysctl-unregistration-oops.patch
+Description: 
+ From: Al Viro <viro at zeniv.linux.org.uk>
+ .
+ You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
+ wait for interface to go away, try to grab as much memory as possible in
+ hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
+ function. Then do read from file you've opened and if you are lucky,
+ you'll get it called as ->proc_handler() in kernel mode.
+Notes: 
+ CVE is reserved, so we can't take the description from there yet
+ .
+ dannf> arch/s390/appldata/appldata_base.c doesn't exist in 2.4, so I dropped
+ dannf> that hunk in my backport
+ .
+ **THIS IS AN ABI CHANGE**
+Bug: 
+upstream: released (2.6.14.1), released (2.4.33-pre1)
+linux-2.6: released (2.6.14-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sysctl-unregistration-oops.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [196_sysctl-unregistration-oops.patch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
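
Review bot: The field is spelled "Bug:" here, while the other entries shown in this commit use "Bugs:"; anything that reads these files by field name will skip it. The "**THIS IS AN ABI CHANGE**" note would also be more useful with a word on what changes, since it applies to both sarge backports listed in the status lines.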

Copied: patch-tracking/retired/CVE-2005-2800 (from rev 520, patch-tracking/CVE-2005-2800)
===================================================================
--- patch-tracking/CVE-2005-2800	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2800	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-2800
+References: 
+ URL:http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-2800
+Description: 
+ Memory leak in the seq_file implemenetation in the SCSI procfs interface
+ (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a
+ denial of service (memory consumption) via certain repeated reads from the
+ /proc/scsi/sg/devices file, which is not properly handled when the next()
+ iterator returns NULL or an error.
+Notes: 
+ dannf> seq_file is a 2.6ism, so marking 2.4 as N/A
+ dannf> There's a trivial test case - can it be reproduce this on 2.4?
+Bugs: 
+upstream: released (2.6.12.6)
+linux-2.6: released (2.6.12-6)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
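
Review bot: The Notes mark 2.4 as N/A because seq_file is a 2.6ism, then ask whether the test case can be reproduced on 2.4; that question is unanswered while every 2.4 branch is already N/A. Resolve it before retiring. Smaller points: the reference URL uses "cvekey.cgi?keyword=" where the other entries use "cvename.cgi?name=", "implemenetation" is misspelled, and "upstream:" lists only 2.6.12.6 although the Description says 2.6.13 and earlier is affected.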

Copied: patch-tracking/retired/CVE-2005-2801 (from rev 520, patch-tracking/CVE-2005-2801)
===================================================================
--- patch-tracking/CVE-2005-2801	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2801	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,26 @@
+Candidate: CVE-2005-2801
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
+ MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
+ URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
+ MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
+ URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description: 
+ xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
+ does not properly compare the name_index fields when sharing xattr
+ blocks, which could prevent default ACLs from being applied.
+Bugs: 332381
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs_ext2_ext3_xattr-sharing.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [178_fs_ext2_ext3_xattr-sharing.diff]
+2.4.27-sid: released (2.4.27-12) [178_fs_ext2_ext3_xattr-sharing.diff]
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
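
Review bot: The Description limits the issue to Linux kernel 2.6, but both 2.4.27 lines are released with 178_fs_ext2_ext3_xattr-sharing.diff and there is no Notes field explaining that 2.4 carries the same code. Add one. The field "2.4.27-sid:" also differs from the "2.4.27-sid/sarge:" name used in the other entries.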

Copied: patch-tracking/retired/CVE-2005-2872 (from rev 520, patch-tracking/CVE-2005-2872)
===================================================================
--- patch-tracking/CVE-2005-2872	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2872	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-2872
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2872
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050909
+ Category: SF
+ Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
+ Reference:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
+Description: 
+ The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
+ 2.6.12, when running on 64-bit processors such as AMD64, allows remote
+ attackers to cause a denial of service (kernel panic) via certain
+ attacks such as SSH brute force, which leads to memset calls using a
+ length based on the u_int32_t type, acting on an array of unsigned
+ long elements, a different vulnerability than CVE-2005-2873.
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
+2.4.27-sid/sarge: released (2.4.27-12) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
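
Review bot: In References, a bare "Reference:" line is followed by its CONFIRM URL on a separate line, and the line above carries a "Reference:" prefix that most other entries do not use. Join the URL to its label and drop the prefix so this block has the same shape as the rest.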

Copied: patch-tracking/retired/CVE-2005-2973 (from rev 520, patch-tracking/CVE-2005-2973)
===================================================================
--- patch-tracking/CVE-2005-2973	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-2973	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-2973
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
+Description: 
+ Fix infinite loop in udp_v6_get_port().
+Bugs: 
+Notes: 
+ submitted for inclusion in 2.4.32-rc2
+upstream: released (2.6.14-rc4)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-udp_v6_get_port-loop.patch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [195_net-ipv6-udp_v6_get_port-loop.diff]
+2.4.27-sarge/sid: pending (2.4.27-12)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
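
Review bot: The Description is the commit subject ("Fix infinite loop in udp_v6_get_port().") and does not say who can trigger the loop or what the impact is; replace it with a vulnerability description. "2.4.27-sarge/sid: pending (2.4.27-12)" is also still pending in a retired entry and spells the field name differently from "2.4.27-sid/sarge:".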

Copied: patch-tracking/retired/CVE-2005-3053 (from rev 520, patch-tracking/CVE-2005-3053)
===================================================================
--- patch-tracking/CVE-2005-3053	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3053	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2005-3053
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3053
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
+Description: 
+ The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
+ allows local users to cause a denial of service (kernel BUG()) via a
+ negative first argument.
+Notes: 
+ horms> http://lkml.org/lkml/2005/9/30/218
+upstream: released (2.6.12.5)
+linux-2.6: released (2.6.12-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-check-mode.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
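Review bot: the References block carries four empty CVE template fields (Final-Decision, Interim-Decision, Modified, Proposed) that are not references and add nothing; drop them. The confirming link is written `Reference: CONFIRM:` here while other files in this commit use a bare `CONFIRM:` prefix, so pick one form. The file also has no `Bugs:` field, which the neighbouring entries keep even when it is empty.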

Copied: patch-tracking/retired/CVE-2005-3055 (from rev 520, patch-tracking/CVE-2005-3055)
===================================================================
--- patch-tracking/CVE-2005-3055	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3055	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3055
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3055
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
+Description: 
+ Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
+ of service (kernel OOPS) via a userspace process that issues a USB
+ Request Block (URB) to a USB device and terminates before the URB is
+ finished, which leads to a stale pointer reference.
+Notes: 
+ horms> http://lkml.org/lkml/mbox/2005/10/11/90
+ horms> http://lkml.org/lkml/2005/10/11/90
+ horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
+Bugs: 330287, 332587
+upstream: released (2.6.14-rc4)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
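Review bot: `2.6.8-sarge-security: released (2.6.8-16sarge2)` names no patch file in brackets, unlike the other released entries, so the fix cannot be located in the package from this record alone; add the dpatch name. The first two horms notes point at the same lkml message (the mbox form and the HTML form of 2005/10/11/90); one is enough.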

Copied: patch-tracking/retired/CVE-2005-3106 (from rev 520, patch-tracking/CVE-2005-3106)
===================================================================
--- patch-tracking/CVE-2005-3106	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3106	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3106
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description: 
+ Race condition in Linux 2.6, when threads are sharing memory mapping
+ via CLONE_VM (such as linuxthreads and vfork), might allow local users
+ to cause a denial of service (deadlock) by triggering a core dump
+ while waiting for a thread that has just performed an exec.
+ .
+ Extra information from Moritz Muehlenhof:
+ CVE-2005-3106:
+ DoS through race condition in processes that share a memory mapping through
+ CLONE_VM
+ http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
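Review bot: the "Extra information from Moritz Muehlenhof" block sits inside `Description:` after a `.` separator, and the file has no `Notes:` field at all, whereas CVE-2005-3108 in this same commit puts the same kind of block under `Notes:`. Move it under a `Notes:` field so the Description holds only the CVE text. The URL in that block repeats the CONFIRM link in References and the embedded "CVE-2005-3106:" line repeats the Candidate field; both can go.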

Copied: patch-tracking/retired/CVE-2005-3107 (from rev 520, patch-tracking/CVE-2005-3107)
===================================================================
--- patch-tracking/CVE-2005-3107	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3107	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,33 @@
+Candidate: CVE-2005-3107
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3107
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description: 
+ fs/exec.c in Linux 2.6, when one thread is tracing another thread that
+ shares the same memory map, might allow local users to cause a denial
+ of service (deadlock) by forcing a core dump when the traced thread is
+ in the TASK_TRACED state.
+ .
+ Extra information from Moritz Muehlenhof:
+ Local DoS through threads tracing each other by forcing a core dump, while the traced
+ thread is in TASK_TRACED state.
+ http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+upstream: released (2.6.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3108 (from rev 520, patch-tracking/CVE-2005-3108)
===================================================================
--- patch-tracking/CVE-2005-3108	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3108	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3108
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3108
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
+Description: 
+ mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
+ cause a denial of service or an information leak via an iremap on a
+ certain memory map that causes the iounmap to perform a lookup of a
+ page that does not exist.
+Notes: 
+ Extra information from Moritz Muehlenhof:
+ DoS and potential information leak in ioremap (seemingly specific to amd64)
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 
+upstream: released (2.6.11.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
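Review bot: "via an iremap on a certain memory map" in the Description looks like a typo for ioremap, given that the file named is mm/ioremap.c and the same sentence goes on to mention iounmap. Correct it here even if the upstream CVE text has the same slip, or mark it with a note, since a search for ioremap will otherwise miss this entry.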

Copied: patch-tracking/retired/CVE-2005-3109 (from rev 520, patch-tracking/CVE-2005-3109)
===================================================================
--- patch-tracking/CVE-2005-3109	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3109	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3109
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
+Description: 
+ The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
+ cause a denial of service (oops) by using hfsplus to mount a
+ filesystem that is not hfsplus.
+Notes: 
+ Extra information from Moritz Muehlenhof:
+ Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
+ Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html
+ dannf> Looks like, from the above thread, that 2.4 is not affected; marking
+        as such.
+upstream: released (2.6.11.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-3110 (from rev 520, patch-tracking/CVE-2005-3110)
===================================================================
--- patch-tracking/CVE-2005-3110	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3110	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3110
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3110
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+Description: 
+ Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
+ when running on an SMP system that is operating under a heavy load,
+ might allow remote attackers to cause a denial of service (crash) via
+ a series of packets that cause a value to be modified after it has
+ been read but before it has been locked.
+Notes: 
+ Extra information from Moritz Muehlenhof:
+ DoS on SMP, potentially 2.4 and 2.6
+ http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+upstream: released (2.6.11.11)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
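Review bot: the Notes say "DoS on SMP, potentially 2.4 and 2.6", yet both 2.4.27 branches are marked N/A and nothing records how 2.4 was ruled out. Add a one-line note with the reason (code absent, different locking, tested) so the N/A can be audited. The patch name `net-bridge-netfilter-etables-smp-race.dpatch` reads "etables" where the module is ebtables; confirm that this matches the file name actually shipped in the package.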

Copied: patch-tracking/retired/CVE-2005-3119 (from rev 520, patch-tracking/CVE-2005-3119)
===================================================================
--- patch-tracking/CVE-2005-3119	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3119	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-3119
+References: 
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@43483fddCiQX1WyG_orbko06TrjMVA
+ REDHAT:RHSA-2005:808
+ URL:http://www.redhat.com/support/errata/RHSA-2005-808.html
+ SECUNIA:17364
+ URL:http://secunia.com/advisories/17364
+Description: 
+ Memory leak in the request_key_auth_destroy function in request_key_auth in Linux
+ kernel 2.6.13 and earlier allows local users to cause a denial of service (memory
+ consumption) via a large number of authorization token keys.
+Notes: 
+ Plug request_key_auth memleak. This can be triggered by unprivileged
+ users, so is local DoS.
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
+ .
+ dannf> This file doesn't exist in 2.6.8, so sarge isn't vulnerable
+upstream: released (2.6.13.4, 2.6.14)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
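Review bot: the last field, `2.4.18-woody-security-hppa:`, is empty while the other six woody branches are N/A. The dannf note says the file does not exist in 2.6.8, and every other 2.4 branch is N/A, so this looks like an omission; set it to N/A for consistency or note why this one branch differs.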

Copied: patch-tracking/retired/CVE-2005-3179 (from rev 520, patch-tracking/CVE-2005-3179)
===================================================================
--- patch-tracking/CVE-2005-3179	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3179	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2005-3179
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3179
+ Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
+ Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
+Description: 
+ drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
+ with world-readable and world-writable permissions, which allows local
+ users to enable DRM debugging and obtain sensitive information.
+Notes: 
+ (from Horms)
+ > > From: Dave Jones <davej at redhat.com>
+ > > 
+ > > Please consider for next 2.6.13, it is a minor security issue allowing
+ > > users to turn on drm debugging when they shouldn't...
+upstream: released (2.6.13.4)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
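Review bot: the Description covers "Linux kernel 2.6.13 and earlier", which includes 2.6.8, but `2.6.8-sarge-security` is N/A and the Notes hold only the quoted submission mail. State why sarge is not affected (for example that the sysfs debug file is not present in 2.6.8, if that is the case) so the N/A is verifiable. The quoted mail would also read better with the "(from Horms)" attribution in the usual `horms>` prefix form used elsewhere.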

Copied: patch-tracking/retired/CVE-2005-3180 (from rev 520, patch-tracking/CVE-2005-3180)
===================================================================
--- patch-tracking/CVE-2005-3180	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3180	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2005-3180
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
+ CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
+Description: 
+ The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
+ not properly clear memory from a previously used packet whose length
+ is increased, which allows remote attackers to obtain sensitive
+ information.
+Notes: 
+ > > From: Pavel Roskin <proski at gnu.org>
+ > > 
+ > > The orinoco driver can send uninitialized data exposing random pieces of
+ > > the system memory.  This happens because data is not padded with zeroes
+ > > when its length needs to be increased.
+ horms> a better fix for this is 
+ horms> http://mirror.local.valinux.co.jp/linux/kernel/v2.6/ChangeLog-2.6.15
+ horms> 192_orinoco-info-leak.diff is missing the ALIGN macro which is not
+ horms> defined elsewhere in 2.4. 
+ horms> is added by 192_orinoco-info-leak-2.diff
+upstream: released (2.6.13.4), released (2.4.33-pre2)
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [orinoco-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
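Review bot: the horms note "a better fix for this is" points at a whole ChangeLog-2.6.15 file on mirror.local.valinux.co.jp, which does not identify the changeset and may not resolve outside that network; link the specific commit instead. It is also unclear from the status lines whether `orinoco-info-leak.dpatch` for 2.6.8 is the original fix or the better one. The last horms sentence is broken ("defined elsewhere in 2.4. is added by 192_orinoco-info-leak-2.diff") and should say plainly that the second diff adds the ALIGN macro. The file has no `2.4.27-sid/sarge` field.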

Copied: patch-tracking/retired/CVE-2005-3181 (from rev 520, patch-tracking/CVE-2005-3181)
===================================================================
--- patch-tracking/CVE-2005-3181	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3181	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3181
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3181
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
+Description: 
+ Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
+ incorrect function to free names_cache memory, which prevents the memory
+ from being tracked by AUDITSYSCALL code and leads to a memory leak that
+ allows attackers to cause a denial of service (memory consumption).
+Notes: 
+ 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
+Bugs: 
+upstream: released (2.6.13.4)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.27-sarge/sid: N/A
+linux-2.6: released (2.6.13+2.6.14-rc4-0experimental.1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
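Review bot: the mitre link uses `cvekey.cgi?keyword=CVE-2005-3181` where the other files in this commit use `cvename.cgi?name=`; use the cvename form so the link goes to the entry rather than to a search. `2.6.8-sarge-security: released (2.6.8-16sarge2)` also lacks the patch name in brackets.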

Copied: patch-tracking/retired/CVE-2005-3257 (from rev 520, patch-tracking/CVE-2005-3257)
===================================================================
--- patch-tracking/CVE-2005-3257	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3257	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-3257
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
+ CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
+Description: 
+ The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local
+ users to use the KDSKBSENT ioctl on terminals of other users and gain
+ privileges, as demonstrated by modifying key bindings using loadkeys. 
+Bugs: 334113
+Notes: 
+ The first patch is the bit that adds the capability check; the second
+ one makes it less anal (only apply to writes).
+ jmm> The patch targeted to 2.6.14.4 is slightly different, needs to be
+ jmm> sorted out.
+upstream: released (2.4.32-rc3), released (2.6.15-rc1), released (2.6.14.4)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [197_setkeys-needs-root-1.diff, 197_setkeys-needs-root-2.diff]
+linux-2.6: released (2.6.14-6)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
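Review bot: the jmm note "The patch targeted to 2.6.14.4 is slightly different, needs to be sorted out" is an open action item in a file being retired, while the upstream field already lists 2.6.14.4 as released. Record how the difference was resolved, or which variant the sarge patches setkeys-needs-root-1 and -2 correspond to, before retiring. The wording "less anal" in the Notes should be replaced with a neutral description of what the second patch changes (restricting the capability check to writes).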

Copied: patch-tracking/retired/CVE-2005-3271 (from rev 520, patch-tracking/CVE-2005-3271)
===================================================================
--- patch-tracking/CVE-2005-3271	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3271	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3271
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
+ MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
+Description: 
+ Exec in Linux kernel 2.6 does not properly clear posix-timers in
+ multi-threaded environments, which results in a resource leak and
+ could allow a large number of multiple local users to cause a denial
+ of service by using more posix-timers than specified by the quota for
+ a single user.        
+Bugs: 
+upstream: released (2.6.9)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-posix-timers-leak-1.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3272 (from rev 520, patch-tracking/CVE-2005-3272)
===================================================================
--- patch-tracking/CVE-2005-3272	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3272	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-3272
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
+Description: 
+ Linux kernel before 2.6.12 allows remote attackers to poison the
+ bridge forwarding table using frames that have already been dropped by
+ filtering, which can cause the bridge to forward spoofed packets.  
+Bugs: 
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
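Review bot: the 2.6.8-sarge-security line lists three patches, but only `net-bridge-forwarding-poison-1.dpatch` matches the forwarding-table poisoning in the Description. Nothing explains why `net-bridge-mangle-oops-1.dpatch` and `net-bridge-mangle-oops-2.dpatch` are attributed to this CVE. Add a Notes field saying whether they are prerequisites, follow-up fixes, or belong to a different issue.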

Copied: patch-tracking/retired/CVE-2005-3273 (from rev 520, patch-tracking/CVE-2005-3273)
===================================================================
--- patch-tracking/CVE-2005-3273	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3273	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3273
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+ CONFIRM:http://lkml.org/lkml/2005/5/23/169
+Description: 
+ The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6
+ kernels prior to 2.6.12 does not properly verify the ndigis argument
+ for a new route, which allows attackers to trigger array out-of-bounds
+ errors with a large number of digipeats.                      
+Bugs: 
+upstream: released (2.6.12)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-rose-ndigis-verify.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3274 (from rev 520, patch-tracking/CVE-2005-3274)
===================================================================
--- patch-tracking/CVE-2005-3274	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3274	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3274
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
+ CONFIRM:http://lkml.org/lkml/2005/6/23/249
+ CONFIRM:http://lkml.org/lkml/2005/6/24/173  
+Description: 
+ Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4
+ before 2.4.32-pre2, when running on SMP systems, allows local users to
+ cause a denial of service (null dereference) by causing a connection
+ timer to expire while the connection table is being flushed before the
+ appropriate lock is acquired.
+Bugs: 
+upstream: released (2.6.13, 2.4.32-pre2)
+linux-2.6: released (2.6.13-1)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-ipv4-ipvs-conn_tab-race.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3275 (from rev 520, patch-tracking/CVE-2005-3275)
===================================================================
--- patch-tracking/CVE-2005-3275	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3275	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-3275
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
+Description: 
+ The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
+ Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
+ declares a variable to be static, which allows remote attackers to
+ cause a denial of service (memory corruption) by causing two packets
+ for the same protocol to be NATed at the same time, which leads to
+ memory corruption.    
+Bugs: 
+upstream: released (2.6.12.3)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [netfilter-NAT-memory-corruption.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [174_net-ipv4-netfilter-nat-mem.diff]
+linux-2.6: released (2.6.12-1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
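Review bot: the version data do not line up. The Description gives the fix points as 2.6.13 and 2.4.32-rc1, `upstream:` lists only 2.6.12.3, and `linux-2.6:` claims released in 2.6.12-1, which by its version is based on a release older than 2.6.12.3. Add the 2.4 fix version to the upstream field, and add a note confirming that 2.6.12-1 carried the fix as a Debian patch if that is what happened. The Description also says "memory corruption" twice in one sentence.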

Copied: patch-tracking/retired/CVE-2005-3276 (from rev 520, patch-tracking/CVE-2005-3276)
===================================================================
--- patch-tracking/CVE-2005-3276	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3276	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3276
+References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
+ URL:http://lkml.org/lkml/2005/8/3/36
+Description: 
+ The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and
+ 2.6.13 does not entirely clear a user_desc structure before copying it
+ to userspace, resulting in a small information leak.
+Bugs: 
+upstream: released (2.6.12.4)
+linux-2.6: released (2.6.12-2)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [sys_get_thread_area-leak.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3356 (from rev 520, patch-tracking/CVE-2005-3356)
===================================================================
--- patch-tracking/CVE-2005-3356	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3356	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,34 @@
+Candidate: CVE-2005-3356
+References: 
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3
+Description: 
+ [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open
+ .
+ Fixed the refcounting on failure exits in sys_mq_open() and
+ cleaned the logics up.  Rules are actually pretty simple - dentry_open()
+ expects vfsmount and dentry to be pinned down and it either transfers
+ them into created struct file or drops them.  Old code had been very
+ confused in that area - if dentry_open() had failed either in do_open()
+ or do_create(), we ended up dentry and mqueue_mnt dropped twice, once
+ by dentry_open() cleanup and then by sys_mq_open().
+ .
+ Fix consists of making the rules for do_create() and do_open()
+ same as for dentry_open() and updating the sys_mq_open() accordingly;
+ that actually leads to more straightforward code and less work on
+ normal path.
+ .
+ Signed-off-by: Al Viro <aviro at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+Notes: 
+ jmm> Discovered by Doug Chapman
+Bugs: 
+upstream: released (2.6.15.2)
+linux-2.6: released (2.6.15-4)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
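Review bot: the single reference URL is malformed: `h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc...` runs the commit hash into what looks like a second parameter, so the link will not resolve as written; replace it with a clean commit link. The Description is the pasted upstream commit message, Signed-off-by lines included, and never states the impact or who can trigger it. The status list stops at `2.4.17-woody-security-ia64` with no `2.4.18-woody-security-hppa` field, and the 2.6.8 entry names no patch file.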

Copied: patch-tracking/retired/CVE-2005-3358 (from rev 520, patch-tracking/CVE-2005-3358)
===================================================================
--- patch-tracking/CVE-2005-3358	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3358	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3358
+References: 
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175683
+Description: 
+ Linux kernel 2.6.x, possibly before 2.6.11, allows local users to
+ cause a denial of service (panic) via a set_mempolicy call with a
+ 0 bitmask, which causes a panic when a page fault occurs.
+Notes: 
+ jmm> This was initially believed to be fixed as of 2.6.11, but this
+ jmm> turned out to be wrong.
+Bugs: 
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [mempolicy-undefined-nodes.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
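Review bot: the Description still says "possibly before 2.6.11", but the jmm note says that belief turned out to be wrong and `upstream:` gives 2.6.15. Update the Description (or add the corrected range to the Notes) so a reader who only scans the Description does not conclude that kernels from 2.6.11 to 2.6.14 are safe.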

Copied: patch-tracking/retired/CVE-2005-3359 (from rev 520, patch-tracking/CVE-2005-3359)
===================================================================
--- patch-tracking/CVE-2005-3359	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3359	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-3359
+References: 
+ http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a79af59efd20990473d579b1d8d70bb120f0920c
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4339c66aLroC1_zunYKhEIbtIWrnwg
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175769
+ UBUNTU:USN-263-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
+ BID:17078
+ URL:http://www.securityfocus.com/bid/17078
+ SECUNIA:19220
+ URL:http://secunia.com/advisories/19220 
+Description: 
+ The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a
+ denial of service (panic) via certain socket calls that produce inconsistent
+ reference counts for loadable protocol modules.
+Notes: 
+ dannf> Easily reproduced on 2.6.8, not reproducible on 2.4.27, so marking
+ dannf> 2.4 N/A
+ .
+ dannf> Note that atm is marked experimental in 2.6.8, and is not built
+ dannf> as a module on i386, amd64 or ia64 - but of course users could
+ dannf> build their own kernels, and this isn't atm specific
+Bugs: 
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
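Review bot: the References block lists the bkbits changeset and the Red Hat bugzilla entry twice each, once bare and once with a `CONFIRM:` prefix; keep the prefixed form only. The dannf note says "this isn't atm specific" while the Description attributes the flaw to the atm module, so the Notes should name which other protocol modules are reachable. The 2.6.8 entry has no patch name, and the `2.4.18-woody-security-hppa` field is missing from the list.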

Copied: patch-tracking/retired/CVE-2005-3623 (from rev 520, patch-tracking/CVE-2005-3623)
===================================================================
--- patch-tracking/CVE-2005-3623	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3623	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3623
+References: 
+ http://permalink.gmane.org/gmane.linux.kernel/360868
+Description: 
+ We must check for MAY_SATTR before setting acls, which includes
+ checking for read-only exports: the lower-level setxattr operation
+ that eventually sets the acl cannot check export-level restrictions.
+Notes: 
+ jmm> NFS ACLs were only introduced somewhere between 2.6.12-2.6.14, so
+ jmm> Sarge and Woody are not vulnerable
+Bugs: 
+upstream: released (2.6.14.5), released (2.6.15-pre7)
+linux-2.6: released (2.6.14-7)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
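Review bot: The Description is the upstream commit message pasted as-is ("We must check for MAY_SATTR before setting acls...") and never states the impact; from that text the consequence is that ACLs can be set on a read-only NFS export, so say so directly. On the upstream line, "released (2.6.14.5), released (2.6.15-pre7)" uses a -pre suffix where the other records in this commit write 2.6.15-rc1 and 2.6.15-rc2; confirm the tag and use the single-parenthesis form "released (a, b)" that the other records use.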

Copied: patch-tracking/retired/CVE-2005-3783 (from rev 520, patch-tracking/CVE-2005-3783)
===================================================================
--- patch-tracking/CVE-2005-3783	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3783	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3783
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commit;h=082d52c56f642d21b771a13221068d40915a1409
+ http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=blobdiff;h=fcfc4568b45f3f190ba320b0d5853836921cb8bc;hp=019e04ec065a55d8f28157d3a1f7ba06cafd347f;hb=082d52c56f642d21b771a13221068d40915a1409;f=kernel/ptrace.c
+Description: 
+ The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2,
+ using CLONE_THREAD, does not use the thread group ID to check whether it
+ is attaching to itself, which allows local users to cause a denial of
+ service (crash).
+Notes: 
+Bugs: 
+upstream: released (2.4.33-pre1, 2.6.14.2)
+linux-2.6: released (2.6.14-3)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [ptrace-fix_self-attach_rule.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [201_ptrace-fix_self-attach_rule.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
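Review bot: All seven woody status lines are empty, yet the upstream line lists a 2.4 fix (2.4.33-pre1) and 2.4.27-sarge-security carries 201_ptrace-fix_self-attach_rule.diff, so the 2.4 code is affected and woody is not obviously N/A. Give each woody line a status, or record in Notes why woody is not being fixed, before this file lands in retired/. The Description says only "2.6 before 2.6.14.2"; a Notes entry recording that 2.4 is affected too would help the next reader.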

Copied: patch-tracking/retired/CVE-2005-3784 (from rev 523, patch-tracking/CVE-2005-3784)
===================================================================
--- patch-tracking/CVE-2005-3784	2006-08-14 01:45:21 UTC (rev 523)
+++ patch-tracking/retired/CVE-2005-3784	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2005-3784
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed0175a462c4c30f6df6fac1cccac058f997739
+Description: 
+ The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes
+ with ptrace attached,which leads to a dangling ptrace reference and allows local users
+ to cause a denial of service (crash).
+Notes: 
+ jmm,horms> 2.4 code seems very different and not vulnerable
+Bugs: 
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [kernel-dont-reap-traced.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A

Copied: patch-tracking/retired/CVE-2005-3805 (from rev 520, patch-tracking/CVE-2005-3805)
===================================================================
--- patch-tracking/CVE-2005-3805	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3805	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-3805
+References: 
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=25f407f0b668f5e4ebd5d13e1fb4306ba6427ead
+Description: 
+ A locking problem in POSIX timer cleanup handling on exit in Linux kernel
+ 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause
+ a denial of service (deadlock) involving process CPU timers.
+Notes: 
+ The referenced patch was actually added in 2.6.14, so I think the vulnerable
+ versions listed in the description are wrong.
+Bugs: 
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
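Review bot: The Notes entry is unsigned and leaves a disagreement open: it says the referenced patch went into 2.6.14 and that the range in the Description ("2.6.10 to 2.6.14") is wrong, but the Description was left as it is. Prefix the note with the author's initials like the other records (dannf>, jmm>, horms>), and either correct the range or state which range the N/A on 2.6.8-sarge-security relies on.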

Copied: patch-tracking/retired/CVE-2005-3806 (from rev 520, patch-tracking/CVE-2005-3806)
===================================================================
--- patch-tracking/CVE-2005-3806	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3806	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-3806
+References: 
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=bbbe80cdaf72a75a463aff9551e60b31e2f69061;hp=f841bde30c18493a94fd5d522b84724a8eb82a4a;hb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d;f=net/ipv6/ip6_flowlabel.c
+Description: 
+ The IPv6 flowlabel handling code (ip6_flowlabel.c) in Linux kernels
+ 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in
+ certain circumstances, which allows local users to corrupt kernel memory
+ or cause a denial of service (crash) by triggering a free of non-allocated
+ memory.
+Notes: 
+Bugs: 
+upstream: released (2.6.14)
+linux-2.6: released (2.6.14-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [net-ipv6-flowlabel-refcnt.dpatch]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
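Review bot: The Description names 2.4 up to 2.4.32 as affected and 2.4.27-sarge-security ships net-ipv6-flowlabel-refcnt.dpatch, but the upstream line records only 2.6.14 and every woody 2.4 line is empty. Add the upstream 2.4 status and fill in or explain the woody lines before retiring; the Description lists kernel memory corruption, not only a crash, so an untracked branch matters here.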

Copied: patch-tracking/retired/CVE-2005-3807 (from rev 520, patch-tracking/CVE-2005-3807)
===================================================================
--- patch-tracking/CVE-2005-3807	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3807	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3807
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
+Description: 
+ [PATCH] VFS: Fix memory leak with file leases
+ .
+ Memory leak in the VFS file lease handling in locks.c in Linux kernels
+ 2.6.10 to 2.6.15 allows local users to cause a denial of service
+ (memory exhaustion) via certain Samba activities that cause an fasync
+ entry to be re-allocated by the fcntl_setlease function after the
+ fasync queue has already 
+Notes: 
+Bugs: 
+upstream: released (2.6.14.3) 
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
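Review bot: The Description is cut off mid-sentence at "after the fasync queue has already", so the record never says what state the queue is in when fcntl_setlease re-allocates the entry; complete it from the CVE text. The range "2.6.10 to 2.6.15" also disagrees with "upstream: released (2.6.14.3)", and the woody lines are blank where both sarge lines say N/A.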

Copied: patch-tracking/retired/CVE-2005-3808 (from rev 520, patch-tracking/CVE-2005-3808)
===================================================================
--- patch-tracking/CVE-2005-3808	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3808	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,19 @@
+Candidate: CVE-2005-3808
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab
+Description:
+ Fix a 32 bit integer overflow in invalidate_inode_pages2_range.  Local DoS
+Notes:
+ horms> I don't see any evidence of this on 2.6.8 or 2.4.27
+ I didn't check the woody kernels, but it seems very unlikely it is there
+Bugs: 
+upstream: released (2.6.14.4)
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
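Review bot: Notes say "I didn't check the woody kernels, but it seems very unlikely it is there", yet six woody lines are marked N/A and the seventh (2.4.18-woody-security-hppa) is empty. Either say in Notes that the N/A is unverified or leave the lines blank until checked, and make the last line match the others. The second Notes line also lacks the horms> prefix, so it is not clear who is speaking.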

Copied: patch-tracking/retired/CVE-2005-3809 (from rev 520, patch-tracking/CVE-2005-3809)
===================================================================
--- patch-tracking/CVE-2005-3809	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3809	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,16 @@
+Candidate: CVE-2005-3809
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51df784ed739246a3774b300e5f536e17bec36ed
+Description: 
+Notes: 
+Bugs: 
+upstream: released (2.6.15-rc1, 2.6.14.3)
+linux-2.6: pending (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
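Review bot: This record is being retired with "linux-2.6: pending (2.6.14-4)" and an empty Description. CVE-2005-3810 in this same commit lists the same upstream versions (2.6.15-rc1, 2.6.14.3) with linux-2.6 released (2.6.14-4), so "pending" looks stale; update it, and add at least a one-line description of the issue behind the referenced commit so the record is usable without following the link.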

Copied: patch-tracking/retired/CVE-2005-3810 (from rev 524, patch-tracking/CVE-2005-3810)
===================================================================
--- patch-tracking/CVE-2005-3810	2006-08-14 01:47:14 UTC (rev 524)
+++ patch-tracking/retired/CVE-2005-3810	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-3810
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11
+Description: 
+ [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
+ .
+ This patch fixes an userspace triggered oops. If there is no ICMP_ID
+ info the reference to attr will be NULL.
+Notes: 
+Bugs: 
+upstream: released (2.6.15-rc1, 2.6.14.3)
+linux-2.6: released (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-3847 (from rev 520, patch-tracking/CVE-2005-3847)
===================================================================
--- patch-tracking/CVE-2005-3847	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3847	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2005-3847
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd12f48d4e8774415b528d3991ae47c28f26e1ac;hp=ade6648b3b11a5d81f6f28135193ab6d85d621db
+ MISC:http://groups.google.com/group/linux.kernel/browse_thread/thread/74683bcc8dbf0df3/bf540370894d3de0%23bf540370894d3de0?sa=X&oi=groupsr&start=0&num=3
+ MISC:http://svn.debian.org/wsvn/kernel/dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nptl-signal-delivery-deadlock-fix.dpatch?op=file&rev=4458&sc=0
+Description: 
+ Bhavesh P. Davda reported a race condition that exists in Linux 2.6 kernels prior to
+ 2.6.13 and 2.6.12.6.  A deadlock can occur when a SIGKILL signal is sent to a real-time
+ threaded process that is dumping core, which can be used by a local user to initiate
+ a denial of service attack.
+Notes: 
+ handle_stop_signal() in 2.4 looks significantly different, and since this bug
+ is associated with NPTL, I don't think we need to worry about in 2.4.
+ CVE description is actually as follows:
+ signal.c in Linux kernel before 2.6.13 and 2.6.12.6 and earlier allows
+ local users to cause a denial of service (deadlock) by sending a
+ SIGKILL to a real-time threaded process while it is performing a core
+ dump.
+Bug: 
+upstream: released (2.6.12.6, 2.6.13)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [nptl-signal-delivery-deadlock-fix.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
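Review bot: The field header here is "Bug:", while the other records in this commit use "Bugs:"; anything that reads these files by field name will miss it. The triage comment in Notes ("handle_stop_signal() in 2.4 looks significantly different...") is unsigned, and the woody lines are empty even though that comment concludes 2.4 is not a concern, which would make them N/A like 2.4.27-sarge-security.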

Copied: patch-tracking/retired/CVE-2005-3848 (from rev 520, patch-tracking/CVE-2005-3848)
===================================================================
--- patch-tracking/CVE-2005-3848	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3848	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,32 @@
+Candidate: CVE-2005-3848
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a
+ MISC:http://lkml.org/lkml/2005/8/26/173
+Description: 
+ Ollie Wild discovered a leak in the icmp_push_reply() function in Linux 2.6,
+ in which an ignored error returned by ip_append_data() would result in the
+ route and net_device not being freed.  A malicious remote user could exploit
+ this in order to initiate a denial of service attack.  This issue was fixed
+ in Linux 2.6.12.6 and 2.6.13.
+Notes: 
+ This code looks completely different in 2.4; neither ip_append_data() (the
+ function that returns an error) nor icmp_push_reply() (the function that fails
+ to check this error) exist.  So, I'm marking 2.4 as unaffected.
+ Actual CVE description:
+ Memory leak in the icmp_push_reply function in Linux 2.6 before
+ 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of
+ service (memory consumption) via a large number of crafted packets
+ that cause the ip_append_data function to fail, aka "DST leak in
+ icmp_push_reply."
+upstream: released (2.6.12.6, 2.6.13)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [fix-dst-leak-in-icmp_push_reply.dpatch]
+2.4.27-sid/sarge: released (2.4.27-12) [188_fix-dst-leak-in-icmp_push_reply.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge2) [188_fix-dst-leak-in-icmp_push_reply.diff]
+linux-2.6: 
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: 
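Review bot: Notes conclude "I'm marking 2.4 as unaffected", but the status block lists 2.4.27-sarge-security as released (2.4.27-10sarge2) with 188_fix-dst-leak-in-icmp_push_reply.diff and adds a 2.4.27-sid/sarge line with the same patch. One of the two is wrong and the record should say which. The "Bugs:" field is missing altogether, "2.4.27-sid/sarge" is not a key any other record uses, and "linux-2.6:" is empty although upstream fixed this in 2.6.12.6 and 2.6.13.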

Copied: patch-tracking/retired/CVE-2005-3857 (from rev 525, patch-tracking/CVE-2005-3857)
===================================================================
--- patch-tracking/CVE-2005-3857	2006-08-14 01:48:20 UTC (rev 525)
+++ patch-tracking/retired/CVE-2005-3857	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3857 
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
+Description: 
+ [PATCH] VFS: local denial-of-service with file leases
+ .
+ The time_out_leases function in locks.c for Linux kernel before 2.6.15
+ allows local users to cause a denial of service (kernel log message
+ consumption) by causing a large number of broken leases, which is
+ recorded to the log using the printk function.
+Notes:
+ Sent for inclusion in 2.4.33
+Bugs: 
+upstream: released (2.6.15-rc2), needed (2.6.33)
+linux-2.6: released (2.6.14+2.6.15-rc5-0experimental.1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 
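Review bot: In "upstream: released (2.6.15-rc2), needed (2.6.33)" the second version looks like a typo for 2.4.33, since Notes say "Sent for inclusion in 2.4.33". A record whose upstream status is still "needed" is also an odd candidate for retired/; confirm whether the 2.4 fix was accepted and update the line. Minor: "Candidate: CVE-2005-3857 " has trailing whitespace, and both sarge lines omit the bracketed patch file name that other records give.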

Copied: patch-tracking/retired/CVE-2005-3858 (from rev 520, patch-tracking/CVE-2005-3858)
===================================================================
--- patch-tracking/CVE-2005-3858	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-3858	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,24 @@
+Candidate: CVE-2005-3858
+References: 
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=f982542ed2f495cbe94e6d9001878f27ea738b36
+ MISC:http://lkml.org/lkml/2005/8/26/175
+Description: 
+ ip6_input_finish() contains a memory leak in Linux kernels prior to
+ 2.6.12.6 and 2.6.13.  This could potentially be used to trigger a remote
+ denial of service (DoS) attack.
+Notes: 
+ dannf> Though the code in 2.4 is quite different, it looks to me like the
+ dannf> 2.4 code could be vulnerable.
+Bugs: 
+upstream: released (2.6.12.6, 2.6.13)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2) [189_ipv6-skb-leak.diff]
+2.4.27-sid: released (2.4.27-12) [189_ipv6-skb-leak.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
+2.4.18-woody-security-hppa: 

Copied: patch-tracking/retired/CVE-2005-4351 (from rev 520, patch-tracking/CVE-2005-4351)
===================================================================
--- patch-tracking/CVE-2005-4351	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4351	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-4351
+References:
+ http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt
+Description: 
+ The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8,
+ DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass
+ immutable settings for files by mounting another filesystem that masks the
+ immutable files while the system is running.
+Notes:
+ jmm> This affects the LSM module for BSD secure levels, not included in 2.4 and
+ jmm> 2.6.8
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
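Review bot: "upstream:" and "linux-2.6:" are both empty although the Description says Linux up to 2.6.15 is affected. jmm's note covers only 2.4 and 2.6.8, so the record gives no indication whether the current linux-2.6 package is fixed, unaffected, or deliberately left alone; state that before the file is retired.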

Copied: patch-tracking/retired/CVE-2005-4352 (from rev 520, patch-tracking/CVE-2005-4352)
===================================================================
--- patch-tracking/CVE-2005-4352	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4352	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-4352
+References: 
+ http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
+Description: 
+ The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15
+ and earlier, allows local users to bypass time setting restrictions and set
+ the clock backwards by setting the clock ahead to the maximum unixtime value
+ (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901),
+ which can then be set ahead to the desired time, aka "settimeofday() time wrap."
+Notes: 
+ jmm> This affects the LSM module for BSD secure levels, not included in 2.6.8
+ jmm> and 2.4.27
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
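Review bot: "upstream:" and "linux-2.6:" are left empty while the Description lists "Linux 2.6.15 and earlier" as affected by the settimeofday() time wrap. jmm's note explains the N/A for 2.6.8 and 2.4.27 only. Record the upstream and linux-2.6 status, or a Notes line explaining why none is tracked, so that retiring the file does not read as "fixed everywhere".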

Copied: patch-tracking/retired/CVE-2005-4605 (from rev 520, patch-tracking/CVE-2005-4605)
===================================================================
--- patch-tracking/CVE-2005-4605	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4605	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-4605
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b90db0df7187a01fb7177f1f812123138f562cf
+ http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339&w=2
+ http://linux.bkbits.net:8080/linux-2.6/gnupatch@43b562ae6hJGLWZA4TNf2k-RzXnVlQ
+Description: 
+ The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions
+ before 2.6.15 allows attackers to read sensitive kernel memory via
+ unspecified vectors in which a signed value is added to an unsigned
+ value.
+Notes: 
+ jmm> 2.4 not affected as proc_file_lseek() contains a check for this
+ jmm> if (offset>=0 && (unsigned long long)offset<=file->f_dentry->d_inode->i_sb->s_maxbytes) {
+ jmm> Discovered by Karl Janmar
+Bugs: 
+upstream: released (2.6.15), released (2.6.14.6)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [proc-legacy-loff-underflow.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2005-4618 (from rev 520, patch-tracking/CVE-2005-4618)
===================================================================
--- patch-tracking/CVE-2005-4618	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4618	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2005-4618
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8febdd85adaa41fa1fc1cb31286210fc2cd3ed0c 
+Description: 
+ Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows
+ local users to cause a denial of service and possibly execute arbitrary
+ code via a long string, which causes sysctl to write a zero byte outside
+ the buffer.
+Notes:
+ jmm> Discovered by Yi Ying
+Bugs: 
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: released (2.4.27-10sarge2)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
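Review bot: The Description limits the overflow to "Linux Kernel 2.6 before 2.6.15", but 2.4.27-sarge-security is marked released (2.4.27-10sarge2), so 2.4 was evidently patched as well. Add a Notes line saying 2.4 is affected and give the empty woody lines a status to match. Both sarge lines also lack the bracketed patch file name that lets a reader locate the fix in the package.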

Copied: patch-tracking/retired/CVE-2005-4635 (from rev 520, patch-tracking/CVE-2005-4635)
===================================================================
--- patch-tracking/CVE-2005-4635	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4635	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2005-4635
+References: 
+ MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea86575eaf99a9262a969309d934318028dbfacb
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ BID:16139
+ URL:http://www.securityfocus.com/bid/16139
+ FRSIRT:ADV-2006-0035
+ URL:http://www.frsirt.com/english/advisories/2006/0035
+ SECUNIA:18216
+ URL:http://secunia.com/advisories/18216 
+Description: 
+ The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15
+ does not check for valid lengths of the header and payload, which allows
+ remote attackers to cause a denial of service (invalid memory reference) via
+ malformed fib_lookup netlink messages.
+Notes: 
+ dannf> Well, I don't know how it could be exploited by an unpriveleged user -  dannf> but I don't think we need to worry about it.  The vulnerable function
+ dannf> wasn't added until after 2.6.12, and is already fixed in 2.6.15.
+Bugs: 
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
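Review bot: The first Notes line contains a second "dannf>" marker in the middle of the line ("unpriveleged user -  dannf> but I don't think..."), which looks like two lines joined together; split it so each line starts with the prefix. The note also doubts that an unprivileged user can reach this, while the Description says "remote attackers"; the record should say which applies, even though every stable branch is N/A.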

Copied: patch-tracking/retired/CVE-2005-4639 (from rev 520, patch-tracking/CVE-2005-4639)
===================================================================
--- patch-tracking/CVE-2005-4639	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2005-4639	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2005-4639
+References: 
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
+ URL:http://www.securityfocus.com/bid/16142
+ URL:http://www.frsirt.com/english/advisories/2006/0035
+ URL:http://secunia.com/advisories/18216
+Description: 
+ Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/
+ Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows
+ local users to cause a denial of service (crash) and possibly execute
+ arbitrary code by "reading more than 8 bytes into an 8 byte long array".
+Notes: 
+ jmm> Discovered by Perceval Anichini
+ dannf> Driver wasn't added till after 2.6.8
+Bugs: 
+upstream: released (2.6.15)
+linux-2.6: released (2.6.15-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-0035 (from rev 520, patch-tracking/CVE-2006-0035)
===================================================================
--- patch-tracking/CVE-2006-0035	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0035	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,19 @@
+Candidate: CVE-2006-0035
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961
+Description: 
+ Sanity check nlmsg_len during netlink_rcv_skb.  An nlmsg_len == 0 can cause
+ infinite loop in kernel, effectively DoSing machine.  Noted by Matin Murray.
+Notes: 
+ dannf> The vulnerable code doesn't exist in <= 2.6.8
+Bugs: 
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-0036 (from rev 520, patch-tracking/CVE-2006-0036)
===================================================================
--- patch-tracking/CVE-2006-0036	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0036	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0036
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab 
+Description: 
+ When an inbound PPTP_IN_CALL_REQUEST packet is received the
+ PPTP NAT helper uses a NULL pointer in pointer arithmentic to
+ calculate the offset in the packet which needs to be mangled
+ and corrupts random memory or crashes.
+Notes: 
+ jmm> This is not included in 2.4 and 2.6.8
+Bugs: 
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
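Review bot: The References URL has a backslash inside the commit hash ("h=15db34702cfafd24acc60295cf14861e4975\02ab") and a trailing space, so the link does not resolve as written; remove the backslash. In the Description, "arithmentic" should read "arithmetic".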

Copied: patch-tracking/retired/CVE-2006-0037 (from rev 520, patch-tracking/CVE-2006-0037)
===================================================================
--- patch-tracking/CVE-2006-0037	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0037	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0037
+References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710
+Description: 
+ The PPTP NAT helper calculates the offset at which the packet needs
+ to be mangled as difference between two pointers to the header. With
+ non-linear skbs however the pointers may point to two seperate buffers
+ on the stack and the calculation results in a wrong offset beeing
+ used.
+Notes:
+ jmm> The vulnerable code isn't present in 2.4 and 2.6.8 
+Bugs: 
+upstream: released (2.6.15.1)
+linux-2.6: released (2.6.15-3)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-0038 (from rev 520, patch-tracking/CVE-2006-0038)
===================================================================
--- patch-tracking/CVE-2006-0038	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0038	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-0038
+References: 
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
+Description: 
+ Integer overflow in the do_replace function in netfilter for Linux
+ before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ,
+ allows local users with CAP_NET_ADMIN rights to cause a buffer overflow
+ in the copy_from_user function.
+Notes:
+ dannf> Submitted to Marcelo for 2.4
+Bugs: 
+upstream: released (2.6.16-rc3)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [netfilter-do_replace-overflow.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge3) [221_netfilter-do_replace-overflow.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 

Copied: patch-tracking/retired/CVE-2006-0039 (from rev 520, patch-tracking/CVE-2006-0039)
===================================================================
--- patch-tracking/CVE-2006-0039	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0039	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,13 @@
+Candidate: CVE-2006-0039
+References: 
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
+Description: netfilter do_add_counters race
+Notes: 
+ jmm> Only exploitable with CAP_NET_ADMIN privilege
+ jmm> exposure is leakage of sensitive information
+ dannf> Submitted to Marcelo for 2.4
+Bugs: 
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
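Review bot: The status block stops after 2.4.27-sarge-security and has no woody lines at all, although dannf's note says the fix was submitted for 2.4; add the woody keys with a status. The Description ("netfilter do_add_counters race") sits on the field line and gives no impact, while jmm's notes do (needs CAP_NET_ADMIN, leaks sensitive information); move that into the Description. The sarge lines are also missing the patch file names.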

Copied: patch-tracking/retired/CVE-2006-0095 (from rev 520, patch-tracking/CVE-2006-0095)
===================================================================
--- patch-tracking/CVE-2006-0095	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0095	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-0095
+References: 
+ http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
+Description: 
+ dm-crypt does not clear struct crypt_config before freeing it. Thus,
+ information on the key could leak f.e. to a swsusp image even after the
+ encrypted device has been removed. The attached patch against 2.6.14 /
+ 2.6.15 fixes it.
+Notes: 
+ jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
+ jmm> Discovered by Stefan Rompf
+Bugs: 
+upstream: released (2.6.16-rc1)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
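Review bot: The first Notes line is prefixed "jhorms>", which matches neither "jmm>" nor "horms>" as used in the rest of this commit; fix the prefix so the note is attributable. The Description still reads as a patch submission ("The attached patch against 2.6.14 / 2.6.15 fixes it") although nothing is attached to this record; reword it to describe the issue itself, that struct crypt_config is freed without being cleared and key information can persist.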

Copied: patch-tracking/retired/CVE-2006-0096 (from rev 520, patch-tracking/CVE-2006-0096)
===================================================================
--- patch-tracking/CVE-2006-0096	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0096	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,34 @@
+Candidate: CVE-2006-0096
+References: 
+http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f
+http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c
+Description: 
+Notes: 
+ jmm> This was accidentally released as a fix for CVE-2004-2607 in 2.4.27-8:
+ jmm> 
+ jmm> diff -Nru a/drivers/net/wan/sdla.c b/drivers/net/wan/sdla.c
+ jmm> --- a/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
+ jmm> +++ b/drivers/net/wan/sdla.c    2005-01-13 08:41:42 -08:00
+ jmm> @@ -1300,6 +1300,8 @@
+ jmm>
+ jmm>                case SDLA_WRITEMEM:
+ jmm>                case SDLA_READMEM:
+ jmm> +                       if(!capable(CAP_SYS_RAWIO))
+ jmm> +                               return -EPERM;
+ jmm>                         return(sdla_xfer(dev, (struct sdla_mem *)ifr->ifr_data, cmd == SDLA_READMEM));
+ jmm> 
+ jmm>                case SDLA_START:
+ horms> I only see reference to CVE-2004-2607 in patch-tracking,
+ horms> not in the changelog for 2.4.27-8, so I don't think the first line
+ horms> of the statement above is correct
+Bugs: 
+upstream: released (2.6.11), fixed (2.4.29)
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2) [net-sdla-coverty.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
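Review bot: Description is empty in this entry, and the jmm/horms disagreement in Notes over whether this shipped as a CVE-2004-2607 fix in 2.4.27-8 is still unresolved at retirement. Suggest filling Description from the quoted hunk (the capable(CAP_SYS_RAWIO) check added before sdla_xfer() for SDLA_WRITEMEM/SDLA_READMEM), recording which of the two statements is correct, and giving the six blank woody lines an explicit status. The two URL lines under References also lack the leading space that continuation lines carry in the other entries.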

Copied: patch-tracking/retired/CVE-2006-0456 (from rev 520, patch-tracking/CVE-2006-0456)
===================================================================
--- patch-tracking/CVE-2006-0456	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0456	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0456
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79
+Description: 
+ strnlen_user() on s390 and s390x does not return a value greater than 
+ maxlen if the string is looking at is longer than maxlen; instead it 
+ returns maxlen.
+Notes: 
+ jmm> 2.4 doesn't have an assembly version
+Bugs: 
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
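Review bot: the Description has a dropped word ("if the string is looking at is longer than maxlen") and stops at the return value without saying what that means for callers. Suggest "if the string it is looking at is longer than maxlen" plus one clause on the impact, so the entry reads as a security issue rather than only an API quirk.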

Copied: patch-tracking/retired/CVE-2006-0457 (from rev 520, patch-tracking/CVE-2006-0457)
===================================================================
--- patch-tracking/CVE-2006-0457	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0457	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,31 @@
+Candidate: CVE-2006-0457
+References: 
+ http://linux.bkbits.net:8080/linux-2.6/cset@43e385c7rMAIqryXIl7lGGdWgZ1Ivg
+ MANDRIVA:MDKSA-2006:059
+ URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:059
+ UBUNTU:USN-263-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-263-1
+ BID:17084
+ URL:http://www.securityfocus.com/bid/17084
+ OSVDB:23894
+ URL:http://www.osvdb.org/23894
+ SECUNIA:19220
+ URL:http://secunia.com/advisories/19220 
+Description: 
+ Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions
+ in Linux kernel 2.6.x allows local users to cause a denial of service (crash)
+ or read sensitive kernel memory by modifying the length of a string argument
+ between the time that the kernel calculates the length and when it copies the
+ data into kernel memory.
+Notes: 
+Bugs: 
+upstream: released (2.6.10)
+linux-2.6: released (2.6.10-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
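Review bot: 2.6.8-sarge-security is N/A but Notes is empty, so the reason is not recorded; other entries in this commit justify N/A with a line such as "Vulnerable code not present in 2.6.8 and 2.4". Please also confirm upstream: released (2.6.10), since the Description covers "Linux kernel 2.6.x" as a whole and References cites MDKSA-2006:059, which postdates that release.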

Copied: patch-tracking/retired/CVE-2006-0482 (from rev 520, patch-tracking/CVE-2006-0482)
===================================================================
--- patch-tracking/CVE-2006-0482	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0482	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0482
+References: http://lists.debian.org/debian-sparc/2006/01/msg00129.html
+            http://marc.theaimsgroup.com/?t=113861017400002&r=1&w=2
+	    http://marc.theaimsgroup.com/?l=linux-sparc&m=113861287813463&w=2
+Description: date -s run as a normal user hangs machine on sparc64
+Notes: 
+ Jurij Smakov> sparc32 would be tricky to test and i don't know about 2.4.27
+ dannf> Code isn't present in 2.4, and Jurij couldn't reproduce it there 
+ dannf> I can't reproduce on sparc32, which makes sense because the bug is
+ dannf> in sparc64 32-bit compat code
+Bugs: 
+upstream: pending (2.6.16-rc2)
+linux-2.6: pending (2.6.16-4) [sparc64-clock-settime.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge2) [sparc64-clock-settime.dpatch]
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
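Review bot: this entry is being retired with upstream: pending (2.6.16-rc2) and linux-2.6: pending (2.6.16-4) still in place. If both fixes have landed, change them to released before the move; if not, the file belongs in the active directory. The third References line is indented with a tab where the second uses spaces.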

Copied: patch-tracking/retired/CVE-2006-0554 (from rev 520, patch-tracking/CVE-2006-0554)
===================================================================
--- patch-tracking/CVE-2006-0554	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0554	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,18 @@
+Candidate: CVE-2006-0554
+References: 
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
+Description: 
+ Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive
+ information via a crafted XFS ftruncate call, which may return stale data.
+Notes: 
+Bugs: 
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-0555 (from rev 520, patch-tracking/CVE-2006-0555)
===================================================================
--- patch-tracking/CVE-2006-0555	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0555	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,19 @@
+Candidate: CVE-2006-0555
+References: 
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
+Description: 
+ The Linux Kernel before 2.6.15.5 allows local users to cause a denial of
+ service (NFS client panic) via unknown attack vectors related to the use of
+ O_DIRECT (direct I/O).
+Notes: UBUNTU:USN-263-1
+Bugs: 
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
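Review bot: Notes holds a reference ("UBUNTU:USN-263-1") rather than a note. Move it under References beside the ChangeLog URL, and use Notes to say why the 2.4 branches are N/A, which the entry does not currently explain.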

Copied: patch-tracking/retired/CVE-2006-0557 (from rev 520, patch-tracking/CVE-2006-0557)
===================================================================
--- patch-tracking/CVE-2006-0557	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0557	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0557
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63
+ http://www.securityfocus.com/bid/16924
+Description: 
+ Local DoS in mempolicy code; certain maxnodes values cause a crash.
+Notes: 
+ Fixed in git on Feb 17, dunno about 2.6.15.x
+ dannf> mempolicy.c doesn't exist in 2.4, marking N/A
+Bugs: 
+upstream: released (2.6.16-rc4)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
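Review bot: the first Notes line ("Fixed in git on Feb 17, dunno about 2.6.15.x") has no author prefix and leaves the 2.6.15.x question open, while upstream records only 2.6.16-rc4. Attribute the line like the dannf> one below it, and either answer the 2.6.15.x question or drop it before retiring.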

Copied: patch-tracking/retired/CVE-2006-0558 (from rev 520, patch-tracking/CVE-2006-0558)
===================================================================
--- patch-tracking/CVE-2006-0558	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0558	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2006-0558
+References: 
+ MLIST:[linux-ia64] [PATCH 1/1] ia64: perfmon.c trips BUG_ON in put_page_testzero
+ URL:http://marc.theaimsgroup.com/?l=linux-ia64&m=113882384921688
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185082
+ BID:17482
+ URL:http://www.securityfocus.com/bid/17482 
+Description: 
+ perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users
+ to cause a denial of service (crash) by interrupting a task while another
+ process is accessing the mm_struct, which triggers a BUG_ON action in the
+ put_page_testzero function.proc
+Notes: 
+ dannf> This issue is unreproducible in 2.6.16, according to:
+ dannf>  http://marc.theaimsgroup.com/?l=linux-ia64&m=114530938403347&w=2
+ dannf> So, I'm marking upstream as 2.6.16
+ .
+ dannf> I have a reproducer from SGI.  It causes 2.6.8 to oops, but needs to
+ dannf> be ported to the 2.4 perfmon API to test 2.4.27
+Bugs: 365375
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: 
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
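Review bot: the 2.4.27 and woody lines are blank even though the last note says the SGI reproducer still "needs to be ported to the 2.4 perfmon API to test 2.4.27", so the entry is retired with the 2.4 question open. Record an explicit status, or the reason for leaving it undecided, on those lines. The Description also ends in stray text: "put_page_testzero function.proc".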

Copied: patch-tracking/retired/CVE-2006-0741 (from rev 520, patch-tracking/CVE-2006-0741)
===================================================================
--- patch-tracking/CVE-2006-0741	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0741	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0741
+References: 
+Description: 
+ Fixes a local DOS on Intel systems that lead to an endless
+recursive fault.  AMD machines don't seem to be affected.
+Notes: 
+ 2.6: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5342fba5412cead88b61ead07168615dbeba1ee3
+ .
+ This is amd64-specific (em64t in particular), so we could ignore it for 2.4
+Bugs: 
+upstream: released (2.6.15.5)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [binfmt-bad-elf-entry-address.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge3) [222_binfmt-bad-elf-entry-address.diff]
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
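Review bot: Notes and status disagree. The note says the issue is amd64-specific "so we could ignore it for 2.4", yet 2.4.27-sarge-security is released (2.4.27-10sarge3) with 222_binfmt-bad-elf-entry-address.diff. Add a note saying the 2.4 fix was applied after all, or correct the status. The second Description line ("recursive fault.  AMD machines ...") is missing the leading space that marks a continuation, and the commit URL sits in Notes while References is empty.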

Copied: patch-tracking/retired/CVE-2006-0742 (from rev 520, patch-tracking/CVE-2006-0742)
===================================================================
--- patch-tracking/CVE-2006-0742	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0742	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-0742
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e963701a761aede31c9c1bfc74cf8e0ec671f0f4;hp=eb0911e27e8c6778d6c8ec95b7dd60c002d923c3
+Description: 
+ The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel
+ 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc,
+ has the "noreturn" attribute set, which allows local users to cause a denial
+ of service by causing user faults on Itanium systems.
+Notes: 
+ dannf> Forwarded to Bjorn for 2.4-ia64 inclusion
+Bugs: 
+upstream: released (2.6.15.6)
+linux-2.6: released (2.6.15-8)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 

Copied: patch-tracking/retired/CVE-2006-0744 (from rev 520, patch-tracking/CVE-2006-0744)
===================================================================
--- patch-tracking/CVE-2006-0744	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-0744	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-0744
+References: 
+Description:
+ signal catching issue on em64t; similar to CVE-2006-0741
+Notes: 
+ dannf> looks like redhat has developed a patch for their 2.4
+ .
+ dannf> no upstream 2.4 fix, and it is amd64-specific, so ignoring for
+        2.4/sarge3
+Bugs: 
+upstream:
+linux-2.6: released (2.6.16-7)
+2.6.8-sarge-security: released (2.6.8-16sarge3) [em64t-uncanonical-return-addr.dpatch]
+2.4.27-sarge-security: ignored (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
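Review bot: upstream: is blank and References is empty although linux-2.6 is released (2.6.16-7), so nothing in the entry identifies the upstream fix. Add the upstream version or commit. The Description ("signal catching issue on em64t; similar to CVE-2006-0741") also gives no impact; one clause on what a local user can cause would make the entry usable on its own.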

Copied: patch-tracking/retired/CVE-2006-1055 (from rev 520, patch-tracking/CVE-2006-1055)
===================================================================
--- patch-tracking/CVE-2006-1055	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1055	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,26 @@
+Candidate: CVE-2006-1055
+References: 
+Description: 
+ Quoting Greg KH:
+ Al just pointed me at an old sysfs patch that went into the tree last
+ year that has some potential security problems.  Turns out that if you
+ write to a sysfs file exactly PAGE_SIZE worth of data, with no zeros in
+ it, there's a good chance you could read off the end of the kernel
+ buffer into who knows where.
+Notes: 
+ jmm> This was judged non-exploitable by Al Viro, but it's still a local DoS
+ jmm> 2.4 N/A, as it doesn't have sysfs
+ .
+ troyh> N/A for sarge, it was broken in 2.6.12 - 2.6.17-rc1. 2.6.8 is fine,
+        and since its's sysfs 2.4 is N/A.
+Bugs: 
+upstream: released (2.6.17-rc1), released (2.6.16.2)
+linux-2.6: released (2.6.16-6)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
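Review bot: References is empty, so the Greg KH quote in Description has no source and no fix is linked for either release named on the upstream line. Add the list post and the commit or ChangeLog for 2.6.16.2 / 2.6.17-rc1. Minor: "its's" in the troyh note.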

Copied: patch-tracking/retired/CVE-2006-1056 (from rev 520, patch-tracking/CVE-2006-1056)
===================================================================
--- patch-tracking/CVE-2006-1056	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1056	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,29 @@
+Candidate: CVE-2006-1056
+References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2
+ URL:http://www.securityfocus.com/bid/17600
+ URL:http://xforce.iss.net/xforce/xfdb/25871 
+Description: 
+ The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on
+ AMD64 and other 7th and 8th generation AuthenticAMD processors, only
+ save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
+ exception is pending, which allows one process to determine portions of the
+ state of floating point instructions of other processes, which can be
+ leveraged to obtain sensitive information such as cryptographic keys. NOTE:
+ this is the documented behavior of AMD64 processors, but it is inconsistent
+ with Intel processers in a security-relevant fashion that was not addressed
+ by the kernels.
+Notes: 
+Bugs: 
+upstream: released (2.4.33-pre3), released (2.6.16.9)
+linux-2.6: released (2.6.16-9)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 

Copied: patch-tracking/retired/CVE-2006-1066 (from rev 520, patch-tracking/CVE-2006-1066)
===================================================================
--- patch-tracking/CVE-2006-1066	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1066	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,40 @@
+Candidate: CVE-2006-1066
+References: 
+Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops)
+Notes: 
+ From: 	dann frazier <dannf at dannf.org>
+ To: 	team at security.debian.org
+ Subject: 	kernel-image-2.6.8-ia64 - disable preempt
+ Date: 	Fri, 25 Mar 2005 18:57:59 -0700
+ .
+ hey security team,
+   Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version
+ that ships in sarge.  This kernel has CONFIG_PREEMPT enabled, which has
+ at least one known issue in ptrace code that lets an unpriveleged
+ userspace process trigger an oops.  This issue went away upstream by
+ 2.6.9, but its unclear what actually fixed it.  SuSE/RedHat disable
+ PREEMPT for ia64 (or so I'm told), so they are not affected.  This same
+ test case does _not_ fail on x86, which also has PREEMPT enabled for
+ sarge.
+ .
+   This issue has been known for a while, but I waited until after d-i
+ RC3 to upload it, since it changes the ABI.  This fix is in the 2.6.8-13
+ build in unstable, but the release team is blocking this kernel from
+ normal sarge propagation to keep the kernel udebs in sync.
+ .
+ .
+ dannf> This is only a config change, so it requires no changes to
+ dannf> kernel-source-2.6.8, but I'll use the kernel-source version
+ dannf> for the pending/released tags to match the others.
+Bugs: 
+upstream: 
+linux-2.6: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge2)
+2.4.27-sarge-security: N/A
+2.6.8: needed
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
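Review bot: the status block carries an extra line, "2.6.8: needed", which is not one of the branch fields used by the other entries and contradicts "2.6.8-sarge-security: released (2.6.8-16sarge2)" two lines above it. Drop it, or fold it into the sarge line if it records something else. upstream: is also blank although the mail in Notes says the issue "went away upstream by 2.6.9"; record that, even if the fixing change is unknown.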

Copied: patch-tracking/retired/CVE-2006-1242 (from rev 520, patch-tracking/CVE-2006-1242)
===================================================================
--- patch-tracking/CVE-2006-1242	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1242	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,38 @@
+Candidate: CVE-2006-1242
+References: 
+http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d
+Description: 
+ [TCP]: Do not use inet->id of global tcp_socket when sending RST.
+ . 
+ The problem is in ip_push_pending_frames(), which uses:
+ .          if (!df) {
+ .                  __ip_select_ident(iph, &rt->u.dst, 0);
+ .          } else {
+ .                  iph->id = htons(inet->id++);
+ .          }
+ .
+ instead of ip_select_ident().
+ .
+ Right now I think the code is a nonsense. Most likely, I copied it from
+ old ip_build_xmit(), where it was really special, we had to decide
+ whether to generate unique ID when generating the first (well, the last)
+ fragment.
+ .
+ In ip_push_pending_frames() it does not make sense, it should use plain
+ ip_select_ident() instead.
+Notes: 
+ jmm> 2.4 doesn't seem to be affected, but I'd prefer a second look before
+ jmm> marking it N/A
+ .
+ dannf> troyh gave me a patch for 2.4, so I guess it is affected
+Bugs: 
+upstream: released (2.6.16.1)
+linux-2.6: released (2.6.16-4)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
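Review bot: Description is the upstream commit message pasted verbatim, first person included ("Right now I think the code is a nonsense"), and never states the security impact or who can trigger it. Replace it with a short impact statement and keep the commit text in Notes. The URL under References lacks the leading space used for continuation lines, and the six woody lines are blank.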

Copied: patch-tracking/retired/CVE-2006-1342 (from rev 520, patch-tracking/CVE-2006-1342)
===================================================================
--- patch-tracking/CVE-2006-1342	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1342	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1342
+References: 
+ http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
+ http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
+Description:
+ net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero
+ before returning IPv4 socket names from the (1) getsockname, (2) getpeername,
+ and (3) accept functions, which allows local users to obtain portions of
+ potentially sensitive memory.
+Notes: 
+ jmm> getorigdst() requires the fix in 2.6.8, inet_getname() is already fixed
+ dannf> both CVE-2006-1342 & CVE-2006-1343 were fixed by the same patch;
+        however we actually coincidentally already fixed 1343 in the
+        043_ipsec.diff patch
+Bugs: 
+upstream: released (2.4.33-pre3)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-1)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
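Review bot: 2.6.8-sarge-security is N/A, but jmm's note says "getorigdst() requires the fix in 2.6.8". One of the two needs correcting, or a note should say where the getorigdst() fix is tracked. dannf's note also explains only that CVE-2006-1343 was already covered by 043_ipsec.diff, which does not account for the released (2.4.27-1) status recorded here for CVE-2006-1342; name the patch that fixed this CVE.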

Copied: patch-tracking/retired/CVE-2006-1368 (from rev 520, patch-tracking/CVE-2006-1368)
===================================================================
--- patch-tracking/CVE-2006-1368	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1368	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1368
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
+Description: 
+ Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before
+ 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory
+ corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes
+ memory to be allocated for the reply data but not the reply structure.
+Notes: 
+ dannf> Marcelo has posted a patch identical to ours and has asked for
+        feedback, so it should be upstream soon
+Bugs: 
+upstream: released (2.6.16) 
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
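Review bot: upstream lists only released (2.6.16), while dannf's note says a 2.4 patch from Marcelo "should be upstream soon" and 2.4.27-sarge-security is already released. Add the 2.4 upstream state to the upstream line, in the two-branch form other entries use (for example "released (2.4.33-pre3), released (2.6.16.9)"), or update the note so it no longer reads as pending.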

Copied: patch-tracking/retired/CVE-2006-1522 (from rev 526, patch-tracking/CVE-2006-1522)
===================================================================
--- patch-tracking/CVE-2006-1522	2006-08-14 02:02:11 UTC (rev 526)
+++ patch-tracking/retired/CVE-2006-1522	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,16 @@
+Candidate: CVE-2006-1522
+References: 
+Description: 
+Notes:
+ jmm> Vulnerable code not present in 2.6.8 and 2.4
+Bugs: 
+upstream: released (2.6.16.3)
+linux-2.6: released (2.6.16-7)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
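Review bot: References and Description are both empty, so the retired file identifies the issue by CVE number only. Add at least a one-line description and the upstream fix reference for 2.6.16.3 before archiving; jmm's note that the vulnerable code is absent from 2.6.8 and 2.4 cannot be checked without them.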

Copied: patch-tracking/retired/CVE-2006-1523 (from rev 526, patch-tracking/CVE-2006-1523)
===================================================================
--- patch-tracking/CVE-2006-1523	2006-08-14 02:02:11 UTC (rev 526)
+++ patch-tracking/retired/CVE-2006-1523	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1523
+References: 
+ MLIST:[linux-kernel] 20060411 [PATCH] __group_complete_signal: remove bogus BUG_ON
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114476543426600&w=2
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604
+ BID:17640
+ URL:http://www.securityfocus.com/bid/17640 
+Description: 
+ The __group_complete_signal function in the RCU signal handling (signal.c) in
+ Linux kernel 2.6.16, and possibly other versions, has unknown impact and
+ attack vectors related to improper use of BUG_ON.
+Notes: 
+Bugs: 
+upstream: released (2.6.16.4)
+linux-2.6: released (2.6.16-7)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-1524 (from rev 520, patch-tracking/CVE-2006-1524)
===================================================================
--- patch-tracking/CVE-2006-1524	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1524	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,28 @@
+Candidate: CVE-2006-1524
+References: 
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
+ BID:17587
+ URL:http://www.securityfocus.com/bid/17587
+ SECUNIA:19664
+ URL:http://secunia.com/advisories/19664
+ SECUNIA:19657
+ URL:http://secunia.com/advisories/19657 
+Description: 
+ madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow
+ file and mmap restrictions, which allows local users to bypass IPC
+ permissions and replace portions of readonly tmpfs files with zeroes,
+ aka the MADV_REMOVE vulnerability. NOTE: this description was
+ originally written in a way that combined two separate issues. The
+ mprotect issue now has a separate name, CVE-2006-2071.
+Notes: 
+Bugs: 
+upstream: released (2.6.16.7)
+linux-2.6:
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
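Review bot: the statuses do not match the Description. The bug is described as affecting "2.6.16 up to 2.6.16.6", yet 2.6.8-sarge-security and 2.4.27-sarge-security are both marked released, and linux-2.6 is blank. With Notes empty there is no explanation; either the sarge lines should be N/A or a note should say what was backported and why. Fill in linux-2.6 before retiring.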

Copied: patch-tracking/retired/CVE-2006-1525 (from rev 520, patch-tracking/CVE-2006-1525)
===================================================================
--- patch-tracking/CVE-2006-1525	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1525	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,23 @@
+Candidate: CVE-2006-1525
+References: 
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.8
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189346
+ URL:http://www.securityfocus.com/bid/17593
+ URL:http://xforce.iss.net/xforce/xfdb/25872 
+Description: 
+ ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to
+ cause a denial of service (panic) via a request for a route for a multicast
+ IP address, which triggers a null dereference.
+Notes: 
+ dannf> Submitted to Marcelo for 2.4
+Bugs: 
+upstream: released (2.6.16.8)
+linux-2.6: released (2.6.16-9)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 

Copied: patch-tracking/retired/CVE-2006-1527 (from rev 527, patch-tracking/CVE-2006-1527)
===================================================================
--- patch-tracking/CVE-2006-1527	2006-08-14 02:04:21 UTC (rev 527)
+++ patch-tracking/retired/CVE-2006-1527	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,30 @@
+Candidate: CVE-2006-1527
+References: 
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13
+ TRUSTIX:2006-0024
+ URL:http://www.trustix.org/errata/2006/0024
+ BID:17806
+ URL:http://www.securityfocus.com/bid/17806
+ FRSIRT:ADV-2006-1632
+ URL:http://www.frsirt.com/english/advisories/2006/1632
+ OSVDB:25229
+ URL:http://www.osvdb.org/25229
+ SECUNIA:19926
+ URL:http://secunia.com/advisories/19926 
+Description: 
+ The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of
+ service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the
+ for_each_sctp_chunk function.
+Notes: 
+ troyh> SCTP-netfilter code didn't exist until after 2.6.8
+Bugs: 
+upstream: released (2.6.16.13)
+linux-2.6: released (2.6.16-12)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-1857 (from rev 520, patch-tracking/CVE-2006-1857)
===================================================================
--- patch-tracking/CVE-2006-1857	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1857	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-1857
+References: 
+ http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a601266e4f3c479790f373c2e3122a766d123652;hp=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512
+Description: 
+ Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote
+ attackers to cause a denial of service (crash) and possibly execute arbitrary
+ code via a malformed HB-ACK chunk.
+Notes: 
+ dannf> Submitted to Marcelo for 2.4
+Bugs: 
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-1858 (from rev 520, patch-tracking/CVE-2006-1858)
===================================================================
--- patch-tracking/CVE-2006-1858	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1858	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,20 @@
+Candidate: CVE-2006-1858
+References: 
+ http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dd2d1c6f2958d027e4591ca5d2a04dfe36ca6512;hp=61c9fed41638249f8b6ca5345064eb1beb50179f
+Description: 
+ SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a
+ denial of service (crash) and possibly execute arbitrary code via a chunk
+ length that is inconsistent with the actual length of provided parameters.
+Notes: 
+ dannf> Submitted to Marcello for 2.4
+Bugs: 
+upstream: released (2.6.16.17)
+linux-2.6: released (2.6.16-14)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-1859 (from rev 520, patch-tracking/CVE-2006-1859)
===================================================================
--- patch-tracking/CVE-2006-1859	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1859	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1859
+References: 
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
+ http://www.securityfocus.com/bid/17943
+ http://www.frsirt.com/english/advisories/2006/1767
+ http://secunia.com/advisories/20083
+Description:
+ lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
+ cause a denial of service (fcntl_setlease lockup) via actions that cause 
+ lease_init to free a lock that might not have been allocated on the stack.
+Notes: 
+ jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
+Bugs: 
+upstream: released (2.6.16.6)
+linux-2.6: released (2.6.16-8)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
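Review bot: upstream: released (2.6.16.6) does not match the Description ("before 2.6.16.16") or the ChangeLog-2.6.16.16 reference; this looks like a dropped digit. The second References URL also carries a shortened commit id (h=1f0e637c94a9b0418) while the blobdiff link below it has the full hb= value; use the full hash in both.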

Copied: patch-tracking/retired/CVE-2006-1860 (from rev 520, patch-tracking/CVE-2006-1860)
===================================================================
--- patch-tracking/CVE-2006-1860	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1860	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-1860
+References: 
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.16
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1f0e637c94a9b0418
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=blobdiff;h=aa7f66091823dde953e15895dc427615701c39c7;hp=e75ac392a313f3fad823bf2e46a03f29701e3e34;hb=1f0e637c94a9b041833947c79110d6c02fff8618;f=fs/locks.c
+ http://www.securityfocus.com/bid/17943
+ http://www.frsirt.com/english/advisories/2006/1767
+ http://secunia.com/advisories/20083
+Description:
+ lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to
+ cause a denial of service (fcntl_setlease lockup) via actions that cause 
+ lease_init to free a lock that might not have been allocated on the stack.
+Notes: 
+ jmm> The vulnerable NFS4 leases code was only introduced in 2.6.10
+Bugs: 
+upstream: released (2.6.16.6)
+linux-2.6: released (2.6.16-8)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
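Review bot: The first git reference carries a truncated commit id (h=1f0e637c94a9b0418), while the blobdiff URL on the next line has the full hb=1f0e637c94a9b041833947c79110d6c02fff8618; use the full id so the link resolves. The "upstream: released (2.6.16.6)" line also disagrees with the ChangeLog-2.6.16.16 reference and the "before 2.6.16.16" wording in the Description.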

Copied: patch-tracking/retired/CVE-2006-1863 (from rev 520, patch-tracking/CVE-2006-1863)
===================================================================
--- patch-tracking/CVE-2006-1863	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1863	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,17 @@
+Candidate: CVE-2006-1863
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=296034f7de8bdf111984ce1630ac598a9c94a253
+Description: cifs chroot escape 
+Notes: 
+ jmm> 2.4 doesn't have CIFS
+Bugs: 
+upstream: released (2.6.16.11)
+linux-2.6: released (2.6.16-10)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
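Review bot: The Description is only the phrase "cifs chroot escape", with no affected versions and no vector, which makes the retired record hard to use on its own. Expand it to the level of detail used in the CVE-2006-1864 entry, which names the component, the affected versions and the "..\\" sequences involved.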

Copied: patch-tracking/retired/CVE-2006-1864 (from rev 520, patch-tracking/CVE-2006-1864)
===================================================================
--- patch-tracking/CVE-2006-1864	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-1864	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-1864
+References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189435
+ URL:http://www.trustix.org/errata/2006/0026
+ URL:http://www.securityfocus.com/bid/17735
+Description: 
+ Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows
+ local users to escape chroot restrictions for an SMB-mounted filesystem via
+ "..\\" sequences, a similar vulnerability to CVE-2006-1863.
+Notes: 
+Bugs: 
+upstream: pending (2.4.33-pre4), released (2.6.16.14)
+linux-2.6: released (2.6.16-10)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: 
+2.4.18-woody-security: 
+2.4.17-woody-security: 
+2.4.16-woody-security: 
+2.4.17-woody-security-hppa: 
+2.4.17-woody-security-ia64: 
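Review bot: All six woody status fields are left empty and the upstream line still shows pending (2.4.33-pre4), yet the entry is being moved to retired/. Either fill in the woody fields (N/A, a released version, or a reason they will not be fixed) with a Notes line to match, or keep the file in the active directory until the 2.4 status is settled.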

Copied: patch-tracking/retired/CVE-2006-2271 (from rev 520, patch-tracking/CVE-2006-2271)
===================================================================
--- patch-tracking/CVE-2006-2271	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-2271	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2006-2271
+References: 
+ FULLDISC:20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16
+ URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
+ MISC:http://labs.musecurity.com/advisories/MU-200605-01.txt
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
+ FRSIRT:ADV-2006-1734
+ URL:http://www.frsirt.com/english/advisories/2006/1734
+ SECUNIA:19990
+ URL:http://secunia.com/advisories/19990 
+Description:
+ The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote
+ attackers to cause a denial of service (kernel panic) via an unexpected chunk
+ when the session is in CLOSED state.
+Notes: 
+ dannf> Forwarded to Marcelo for 2.4 inclusion
+Bugs: 
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
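Review bot: The Notes line says the fix was forwarded to Marcelo for 2.4 and 2.4.27-sarge-security is marked released, but the upstream line records only 2.6.16.15 and the woody 2.4 kernels are marked N/A with no explanation. Add the upstream 2.4 status and a note on why the woody kernels are not affected; the CVE-2006-2272 and CVE-2006-2274 entries have the same gap.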

Copied: patch-tracking/retired/CVE-2006-2272 (from rev 520, patch-tracking/CVE-2006-2272)
===================================================================
--- patch-tracking/CVE-2006-2272	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-2272	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-2272
+References: 
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
+ URL:http://www.securityfocus.com/bid/17910
+ URL:http://xforce.iss.net/xforce/xfdb/26431 
+Description: 
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
+ of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2)
+ HEARTBEAT SCTP control chunks.
+Notes: 
+ dannf> Submitted to Marcelo for inclusion in 2.4
+Bugs: 
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-2274 (from rev 520, patch-tracking/CVE-2006-2274)
===================================================================
--- patch-tracking/CVE-2006-2274	2006-08-08 07:44:58 UTC (rev 520)
+++ patch-tracking/retired/CVE-2006-2274	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-2274
+References: 
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
+ URL:http://www.securityfocus.com/bid/17955
+ URL:http://secunia.com/advisories/20237
+ URL:http://xforce.iss.net/xforce/xfdb/26432 
+Description: 
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
+ of service (infinite recursion and crash) via a packet that contains two or
+ more DATA fragments, which causes an skb pointer to refer back to itself when
+ the full message is reassembled, leading to infinite recursion in the
+ sctp_skb_pull function.
+Notes: 
+ dannf> Submitted to Marcelo for 2.4
+Bugs: 
+upstream: released (2.6.16.15)
+linux-2.6: released (2.6.16-13)
+2.6.8-sarge-security: released (2.6.8-16sarge3)
+2.4.27-sarge-security: released (2.4.27-10sarge3)
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/retired/CVE-2006-2451 (from rev 528, patch-tracking/CVE-2006-2451)
===================================================================
--- patch-tracking/CVE-2006-2451	2006-08-14 02:10:01 UTC (rev 528)
+++ patch-tracking/retired/CVE-2006-2451	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,15 @@
+Candidate: CVE-2006-2451
+References: 
+Description: 
+ The suid_dumpable support in Linux kernel 2.6.13 up to versions before
+ 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial
+ of service (disk consumption) and possibly gain privileges via the
+ PR_SET_DUMPABLE argument of the prctl function and a program that causes a
+ core dump file to be created in a directory for which the user does not have
+ permissions.
+Notes: 
+Bugs: 
+upstream: released (2.6.16.14), released (2.6.17.4)
+linux-2.6: released (2.6.16-17)
+2.6.8-sarge-security: N/A 
+2.4.27-sarge-security: N/A
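Review bot: The References field is empty, and the upstream line says released (2.6.16.14) while the Description gives 2.6.16.24 as the fixed 2.6.16 version. Add at least the upstream commit or advisory link and correct whichever version number is mistyped.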

Copied: patch-tracking/retired/CVE-2006-3626 (from rev 530, patch-tracking/CVE-2006-3626)
===================================================================
--- patch-tracking/CVE-2006-3626	2006-08-14 02:14:41 UTC (rev 530)
+++ patch-tracking/retired/CVE-2006-3626	2006-08-14 02:24:50 UTC (rev 532)
@@ -0,0 +1,14 @@
+Candidate: CVE-2006-3626
+References:
+ FULLDISC:20060714, http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3
+Description: Linux kernel 0day - dynamite inside, don't burn your fingers
+ Race condition in Linux kernel 2.6.17.4 and earlier allows local users
+ to gain root privileges by using prctl with PR_SET_DUMPABLE in a way
+ that causes /proc/self/environ to become setuid root. 
+Notes: 
+Bugs: 
+upstream: released (2.6.16.25, 2.6.17.5)
+linux-2.6: released (2.6.16-17, 2.6.17-4)
+2.6.8-sarge-security: released (2.6.8-16sarge4)
+2.4.27-sarge-security: N/A
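Review bot: The text on the Description line itself ("Linux kernel 0day - dynamite inside, don't burn your fingers") reads like a mailing-list subject rather than a description of the flaw. Drop it so the field starts with the "Race condition in Linux kernel 2.6.17.4 and earlier" sentence, and add a Notes line explaining the N/A for 2.4.27-sarge-security.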



