[kernel-sec-discuss] r536 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Mon Aug 14 06:27:08 UTC 2006
Author: dannf
Date: 2006-08-14 06:27:06 +0000 (Mon, 14 Aug 2006)
New Revision: 536
Modified:
patch-tracking/CVE-2002-0704
patch-tracking/CVE-2004-0813
patch-tracking/CVE-2004-1190
patch-tracking/CVE-2004-2135
patch-tracking/CVE-2004-2136
patch-tracking/CVE-2004-2660
patch-tracking/CVE-2005-0109
patch-tracking/CVE-2005-0124
patch-tracking/CVE-2005-0179
patch-tracking/CVE-2005-0977
patch-tracking/CVE-2005-1264
patch-tracking/CVE-2005-1265
patch-tracking/CVE-2005-1763
patch-tracking/CVE-2005-2873
patch-tracking/CVE-2005-3044
patch-tracking/CVE-2005-3105
patch-tracking/CVE-2005-3527
patch-tracking/CVE-2005-3660
patch-tracking/CVE-2005-4440
patch-tracking/CVE-2005-4441
patch-tracking/CVE-2005-4798
patch-tracking/CVE-2006-0454
patch-tracking/CVE-2006-0558
patch-tracking/CVE-2006-0744
patch-tracking/CVE-2006-1052
patch-tracking/CVE-2006-1343
patch-tracking/CVE-2006-1528
patch-tracking/CVE-2006-1855
patch-tracking/CVE-2006-2275
patch-tracking/CVE-2006-2448
patch-tracking/CVE-2006-2629
patch-tracking/CVE-2006-2934
patch-tracking/CVE-2006-2935
patch-tracking/CVE-2006-2936
patch-tracking/CVE-2006-3085
patch-tracking/block-all-signals-race
Log:
* remove empty and N/A woody entries since we've dropped woody security support
* assorted other updates
Modified: patch-tracking/CVE-2002-0704
===================================================================
--- patch-tracking/CVE-2002-0704 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2002-0704 2006-08-14 06:27:06 UTC (rev 536)
@@ -45,9 +45,3 @@
linux-2.6: N/A
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security: ignored (2.4.19-4.woody3)
-2.4.18-woody-security: ignored (2.4.18-14.4)
-2.4.17-woody-security: ignored (2.4.17-1woody4)
-2.4.16-woody-security: ignored (2.4.16-1woody3)
-2.4.17-woody-security-hppa: ignored (2.4.17-hppa_32.5)
-2.4.17-woody-security-ia64: ignored (2.4.17-ia64_011226.18)
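Review bot: The six woody lines removed in this hunk are neither empty nor N/A; each carries a triage decision with a package version, for example `2.4.19-woody-security: ignored (2.4.19-4.woody3)`, while the log message only mentions "empty and N/A woody entries". Either widen the log message to say that all woody entries are dropped, or keep the lines that record a decision, so the reason woody was left unfixed does not survive only in revision 535.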
Modified: patch-tracking/CVE-2004-0813
===================================================================
--- patch-tracking/CVE-2004-0813 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2004-0813 2006-08-14 06:27:06 UTC (rev 536)
@@ -25,10 +25,3 @@
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14)
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2004-1190
===================================================================
--- patch-tracking/CVE-2004-1190 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2004-1190 2006-08-14 06:27:06 UTC (rev 536)
@@ -16,9 +16,3 @@
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [scsi-ioctl-cmd-warned.dpatch, scsi-ioctl-remove-dup.dpatch, scsi-ioctl-permit.dpatch, SG_IO-cap.dpatch, SG_IO-safe-commands-2.dpatch, SG_IO-safe-commands-3.dpatch, SG_IO-safe-commands-5.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2004-2135
===================================================================
--- patch-tracking/CVE-2004-2135 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2004-2135 2006-08-14 06:27:06 UTC (rev 536)
@@ -21,9 +21,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
Modified: patch-tracking/CVE-2004-2136
===================================================================
--- patch-tracking/CVE-2004-2136 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2004-2136 2006-08-14 06:27:06 UTC (rev 536)
@@ -17,9 +17,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
Modified: patch-tracking/CVE-2004-2660
===================================================================
--- patch-tracking/CVE-2004-2660 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2004-2660 2006-08-14 06:27:06 UTC (rev 536)
@@ -9,9 +9,3 @@
linux-2.6: N/A
2.6.8-sarge-security: needed
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
Modified: patch-tracking/CVE-2005-0109
===================================================================
--- patch-tracking/CVE-2005-0109 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-0109 2006-08-14 06:27:06 UTC (rev 536)
@@ -48,9 +48,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2005-0124
===================================================================
--- patch-tracking/CVE-2005-0124 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-0124 2006-08-14 06:27:06 UTC (rev 536)
@@ -21,10 +21,3 @@
linux-2.6:
2.6.8-sarge-security: released (2.6.8-16sarge2) [fs_coda_coverty.dpatch]
2.4.27-sarge-security: released (2.4.27-8)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
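Review bot: All seven woody lines removed here are "released" with a fixed version (e.g. `2.4.18-woody-security: released (2.4.18-14.4)`), which falls outside what the log message describes as "empty and N/A woody entries". They record which woody uploads carried the fix; consider moving them under Notes instead of deleting them, and adjust the log message if the removal is intentional.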
Modified: patch-tracking/CVE-2005-0179
===================================================================
--- patch-tracking/CVE-2005-0179 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-0179 2006-08-14 06:27:06 UTC (rev 536)
@@ -15,10 +15,3 @@
linux-2.6:
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
-2.4.18-woody-security-hppa: N/A
Modified: patch-tracking/CVE-2005-0977
===================================================================
--- patch-tracking/CVE-2005-0977 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-0977 2006-08-14 06:27:06 UTC (rev 536)
@@ -18,9 +18,3 @@
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2005-1264
===================================================================
--- patch-tracking/CVE-2005-1264 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-1264 2006-08-14 06:27:06 UTC (rev 536)
@@ -22,10 +22,3 @@
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-1265
===================================================================
--- patch-tracking/CVE-2005-1265 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-1265 2006-08-14 06:27:06 UTC (rev 536)
@@ -13,10 +13,3 @@
linux-2.6:
2.6.8-sarge-security: released (2.6.8-16sarge1) [mm-mmap-range-test.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-1763
===================================================================
--- patch-tracking/CVE-2005-1763 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-1763 2006-08-14 06:27:06 UTC (rev 536)
@@ -13,10 +13,3 @@
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-kernel-ptrace-boundary-check.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-2873
===================================================================
--- patch-tracking/CVE-2005-2873 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-2873 2006-08-14 06:27:06 UTC (rev 536)
@@ -24,10 +24,3 @@
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sid/sarge: needed
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-3044
===================================================================
--- patch-tracking/CVE-2005-3044 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-3044 2006-08-14 06:27:06 UTC (rev 536)
@@ -28,10 +28,3 @@
2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
2.4.27-sid/sarge: needed
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-3105
===================================================================
--- patch-tracking/CVE-2005-3105 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-3105 2006-08-14 06:27:06 UTC (rev 536)
@@ -31,10 +31,3 @@
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
linux-2.6.16:
linux-2.6: N/A
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-3527
===================================================================
--- patch-tracking/CVE-2005-3527 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-3527 2006-08-14 06:27:06 UTC (rev 536)
@@ -31,10 +31,3 @@
linux-2.6: N/A
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
Modified: patch-tracking/CVE-2005-3660
===================================================================
--- patch-tracking/CVE-2005-3660 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-3660 2006-08-14 06:27:06 UTC (rev 536)
@@ -18,9 +18,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2005-4440
===================================================================
--- patch-tracking/CVE-2005-4440 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-4440 2006-08-14 06:27:06 UTC (rev 536)
@@ -38,9 +38,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2005-4441
===================================================================
--- patch-tracking/CVE-2005-4441 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-4441 2006-08-14 06:27:06 UTC (rev 536)
@@ -42,9 +42,3 @@
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2005-4798
===================================================================
--- patch-tracking/CVE-2005-4798 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2005-4798 2006-08-14 06:27:06 UTC (rev 536)
@@ -13,9 +13,3 @@
linux-2.6:
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-0454
===================================================================
--- patch-tracking/CVE-2006-0454 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-0454 2006-08-14 06:27:06 UTC (rev 536)
@@ -15,9 +15,3 @@
linux-2.6: pending (2.6.16-5) [2.6.15.3.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
Modified: patch-tracking/CVE-2006-0558
===================================================================
--- patch-tracking/CVE-2006-0558 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-0558 2006-08-14 06:27:06 UTC (rev 536)
@@ -22,9 +22,3 @@
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-16sarge3)
2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-0744
===================================================================
--- patch-tracking/CVE-2006-0744 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-0744 2006-08-14 06:27:06 UTC (rev 536)
@@ -12,9 +12,3 @@
linux-2.6: released (2.6.16-7)
2.6.8-sarge-security: released (2.6.8-16sarge3) [em64t-uncanonical-return-addr.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-1052
===================================================================
--- patch-tracking/CVE-2006-1052 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-1052 2006-08-14 06:27:06 UTC (rev 536)
@@ -14,9 +14,3 @@
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: needed
2.4.27-sarge-security: N/A
-2.4.19-woody-security: N/A
-2.4.18-woody-security: N/A
-2.4.17-woody-security: N/A
-2.4.16-woody-security: N/A
-2.4.17-woody-security-hppa: N/A
-2.4.17-woody-security-ia64: N/A
Modified: patch-tracking/CVE-2006-1343
===================================================================
--- patch-tracking/CVE-2006-1343 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-1343 2006-08-14 06:27:06 UTC (rev 536)
@@ -17,9 +17,3 @@
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security: ignored (2.6.8-16sarge3)
2.4.27-sarge-security: released (2.4.27-10sarge3)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-1528
===================================================================
--- patch-tracking/CVE-2006-1528 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-1528 2006-08-14 06:27:06 UTC (rev 536)
@@ -13,9 +13,3 @@
linux-2.6: released (2.6.13-1)
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-1855
===================================================================
--- patch-tracking/CVE-2006-1855 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-1855 2006-08-14 06:27:06 UTC (rev 536)
@@ -15,9 +15,3 @@
linux-2.6: N/A
2.6.8-sarge-security: needed
2.4.27-sarge-security: N/A
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-2275
===================================================================
--- patch-tracking/CVE-2006-2275 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2275 2006-08-14 06:27:06 UTC (rev 536)
@@ -16,9 +16,3 @@
linux-2.6: released (2.6.16-13)
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-2448
===================================================================
--- patch-tracking/CVE-2006-2448 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2448 2006-08-14 06:27:06 UTC (rev 536)
@@ -9,9 +9,3 @@
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-2629
===================================================================
--- patch-tracking/CVE-2006-2629 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2629 2006-08-14 06:27:06 UTC (rev 536)
@@ -15,9 +15,3 @@
linux-2.6:
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
Modified: patch-tracking/CVE-2006-2934
===================================================================
--- patch-tracking/CVE-2006-2934 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2934 2006-08-14 06:27:06 UTC (rev 536)
@@ -1,16 +1,21 @@
Candidate: CVE-2006-2934
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd7271feba61d5dc0fab1cb5365db9926d35ea3a
-Description: SCTP conntrack: fix crash triggered by packet without chunks
+Description:
+ SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel
+ 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to
+ cause a denial of service (crash) via a packet without any chunks, which
+ causes a variable to contain an invalid value that is later used to
+ dereference a pointer.
Ubuntu-Description:
A Denial of service vulnerability was reported in iptables' SCTP
conntrack module. On computers which use this iptables module, a
remote attacker could expoit this to trigger a kernel crash.
Notes:
Bugs:
-upstream:
-linux-2.6.16:
-linux-2.6:
+upstream: released (2.6.16.23, 2.6.17.3)
+linux-2.6.16: released (2.6.16-17)
+linux-2.6: released (2.6.17-3)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.10-hoary-security: needed
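Review bot: `2.6.8-sarge-security:` and `2.4.27-sarge-security:` stay blank after this hunk, although upstream, linux-2.6.16 and linux-2.6 are all set to released in the same change. The new Description names 2.6.16 and 2.6.17 as the affected series, so the two sarge lines can be given an explicit status rather than left looking untriaged. The unchanged Ubuntu-Description line also has the typo "expoit", worth fixing while the file is open.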
Modified: patch-tracking/CVE-2006-2935
===================================================================
--- patch-tracking/CVE-2006-2935 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2935 2006-08-14 06:27:06 UTC (rev 536)
@@ -1,7 +1,11 @@
Candidate: CVE-2006-2935
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
-Description: cdrom: fix bad cgc.buflen assignment
+Description:
+ The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c
+ in Linux kernel 2.2.16, and later versions, assigns the wrong value to a
+ length variable, which allows local users to execute arbitrary code via a
+ crafted USB Storage device that triggers a buffer overflow.
Ubuntu-Description:
A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
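Review bot: The replaced Description line was the only place in this hunk that named the field involved, `cgc.buflen`; the new text says "a length variable", so the identifier someone would grep for when checking a backport is gone. Suggest keeping "cdrom: fix bad cgc.buflen assignment" under Notes. Unlike the CVE-2006-2934 and CVE-2006-2936 changes in this revision, no status line is touched here, so check whether upstream and linux-2.6 need the same update.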
Modified: patch-tracking/CVE-2006-2936
===================================================================
--- patch-tracking/CVE-2006-2936 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-2936 2006-08-14 06:27:06 UTC (rev 536)
@@ -2,7 +2,11 @@
References:
http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac5+50ec55856c6843ef9017e800c3d656;f=usb/usb-serial-ftdi_sio-prevent-userspace-dos.patch
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=224654004ca688af67cec44d9300e8c3f647577c
-Description: USB serial ftdi_sio: Prevent userspace DoS
+Description:
+ The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
+ 2.6.17, and possibly later versions, allows local users to cause a denial of
+ service (memory consumption) by writing more data to the serial port than the
+ hardware can handle, which causes the data to be queued.
Ubuntu-Description:
The ftdi_sio driver for serial USB ports did not limit the amount of
pending data to be written. A local user could exploit this to drain
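Review bot: The first References URL, an unchanged context line in this hunk, contains `hb=396eb2aac5+50ec55856c6843ef9017e800c3d656`; "+" is not a hex digit, so that object id looks damaged and the link is unlikely to resolve. Since the Description directly below it is being rewritten, correct the reference in the same change.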
@@ -12,7 +16,7 @@
Bugs:
upstream: released (2.6.16.26)
linux-2.6.16:
-linux-2.6:
+linux-2.6: released (2.6.17-5)
2.6.8-sarge-security:
2.4.27-sarge-security: N/A
2.6.10-hoary-security: needed
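Review bot: `linux-2.6.16:` is left blank directly under `upstream: released (2.6.16.26)`, while `linux-2.6:` gets a version in this same hunk. If the 2.6.16 package has not picked up the fix yet, mark it "needed" or "pending" rather than empty, so the line does not read as untriaged. The same applies to `2.6.8-sarge-security:`, since the new Description covers "Linux kernel 2.6.x up to 2.6.17".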
Modified: patch-tracking/CVE-2006-3085
===================================================================
--- patch-tracking/CVE-2006-3085 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/CVE-2006-3085 2006-08-14 06:27:06 UTC (rev 536)
@@ -1,9 +1,11 @@
Candidate: CVE-2006-3085
References:
Description:
+ xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to
+ cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.
Notes:
Bugs:
-upstream: released (2.6.16.21)
+upstream: released (2.6.16.21, 2.6.17.1)
linux-2.6.16:
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
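Review bot: `References:` is still empty after this hunk, even though it adds a Description and a second fixed upstream version (2.6.17.1). Add the upstream commit or changelog reference so that `upstream: released (2.6.16.21, 2.6.17.1)` can be checked against a source. `linux-2.6.16:` and `2.6.8-sarge-security:` also remain blank and should get an explicit status.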
Modified: patch-tracking/block-all-signals-race
===================================================================
--- patch-tracking/block-all-signals-race 2006-08-14 05:21:40 UTC (rev 535)
+++ patch-tracking/block-all-signals-race 2006-08-14 06:27:06 UTC (rev 536)
@@ -14,9 +14,3 @@
2.6.8-sarge-security:
2.4.27-sarge-security:
2.4.27:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64: