[kernel-sec-discuss] r537 - patch-tracking

Dann Frazier dannf at costa.debian.org
Mon Aug 14 06:35:45 UTC 2006


Author: dannf
Date: 2006-08-14 06:35:41 +0000 (Mon, 14 Aug 2006)
New Revision: 537

Modified:
   patch-tracking/CVE-2006-2071
   patch-tracking/CVE-2006-2444
   patch-tracking/CVE-2006-2445
   patch-tracking/CVE-2006-2448
Log:
version updates

Modified: patch-tracking/CVE-2006-2071
===================================================================
--- patch-tracking/CVE-2006-2071	2006-08-14 06:27:06 UTC (rev 536)
+++ patch-tracking/CVE-2006-2071	2006-08-14 06:35:41 UTC (rev 537)
@@ -4,14 +4,14 @@
  http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8 
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073
 Description: 
- Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions
- and modify a readonly attachment of shared memory by using mprotect to give write
- permission to the attachment. NOTE: some original raw sources combined this issue with
- CVE-2006-1524, but they are different bugs.
+ Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC
+ permissions and modify a readonly attachment of shared memory by using
+ mprotect to give write permission to the attachment. NOTE: some original raw
+ sources combined this issue with CVE-2006-1524, but they are different bugs.
 Notes: 
 Bugs: 
 upstream: released (2.6.16.6)
-linux-2.6.16: 
+linux-2.6.16: released (2.6.16-8)
 linux-2.6: released (2.6.16-8)
 2.6.8-sarge-security: needed
 2.4.27-sarge-security: needed
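
Review bot: The Description rewrap in this hunk is a whitespace-only change that buries the one substantive edit, the `linux-2.6.16:` status going from empty to `released (2.6.16-8)`. Commit the reflow separately, or at least mention it in the log message, which says only "version updates".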

Modified: patch-tracking/CVE-2006-2444
===================================================================
--- patch-tracking/CVE-2006-2444	2006-08-14 06:27:06 UTC (rev 536)
+++ patch-tracking/CVE-2006-2444	2006-08-14 06:35:41 UTC (rev 537)
@@ -3,15 +3,16 @@
  http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18
  http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=1db6b5a66e93ff125ab871d6b3f7363412cc87e8
 Description:
- The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows
- remote attackers to cause a denial of service (crash) via unspecified remote attack vectors 
- that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of
- previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as
+ The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before
+ 2.6.16.18 allows remote attackers to cause a denial of service (crash) via
+ unspecified remote attack vectors that cause failures in snmp_trap_decode
+ that trigger (1) frees of random memory or (2) frees of previously-freed
+ memory (double-free) by snmp_trap_decode as well as its calling function, as
  demonstrated via certain test cases of the PROTOS SNMP test suite.
 Notes: 
 Bugs: 
 upstream: released (2.6.16.18)
-linux-2.6.16: 
+linux-2.6.16: released (2.6.16-15)
 linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: needed
 2.4.27-sarge-security: needed

Modified: patch-tracking/CVE-2006-2445
===================================================================
--- patch-tracking/CVE-2006-2445	2006-08-14 06:27:06 UTC (rev 536)
+++ patch-tracking/CVE-2006-2445	2006-08-14 06:35:41 UTC (rev 537)
@@ -1,16 +1,19 @@
-Candidate: 
+Candidate: CVE-2006-2445
 References: 
  http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8f17fc20bfb75bcec4cfeda789738979c8338fdc
  http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30f1e3dd8c72abda343bcf415f7d8894a02b4290
  http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f53ae1dc3429529a58aa538e0a860d713c7079c3
 Description: 
+ Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21
+ allows local users to cause a denial of service (BUG_ON crash) by causing one
+ CPU to attach a timer to a process that is exiting.
 Notes: 
  jmm> Only exploitable on SMP systems
  jmm> 2.6.8 most probably not affected, but there was a reproducer posted to vendor-sec, should be double-checked
  jmm> Vulnerable code not present in 2.4
 Bugs: 
-upstream: 
-linux-2.6.16: 
+upstream: released (2.6.16.21)
+linux-2.6.16: released (2.6.16-15)
 linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: N/A
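
Review bot: The `2.6.8-sarge-security:` line is left empty although the jmm note in this same hunk says 2.6.8 is "most probably not affected" but "should be double-checked" against the posted reproducer. Put an explicit pending marker on that status line so the open check is visible to anyone scanning statuses rather than only to someone reading Notes. The log message "version updates" also understates this hunk, which fills in the Candidate and Description fields as well.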

Modified: patch-tracking/CVE-2006-2448
===================================================================
--- patch-tracking/CVE-2006-2448	2006-08-14 06:27:06 UTC (rev 536)
+++ patch-tracking/CVE-2006-2448	2006-08-14 06:35:41 UTC (rev 537)
@@ -1,11 +1,16 @@
-Candidate: 
+Candidate: CVE-2006-2448
 References: 
  http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
 Description: 
+ Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not
+ perform certain required access_ok checks, which allows local users to read
+ arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of
+ service (crash) and possibly read kernel memory on 32-bit systems
+ (signal_32.c).
 Notes: 
 Bugs: 
 upstream: released (2.6.16.21)
-linux-2.6.16: 
+linux-2.6.16: released (2.6.16-15)
 linux-2.6: released (2.6.16-15)
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
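
Review bot: Both sarge status lines (`2.6.8-sarge-security:` and `2.4.27-sarge-security:`) stay blank and `Notes:` is empty, so the entry does not record whether the missing access_ok checks in signal_32.c and signal_64.c have been assessed for those trees. Add a note saying the assessment is outstanding, or set a status such as `needed` or `N/A` as the other files in this commit do, once it is known. Minor: the reference link uses `a=commitdiff` where the other entries use `a=commit`.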
