[kernel-sec-discuss] r553 - active
Dann Frazier
dannf at costa.debian.org
Thu Aug 17 03:54:35 UTC 2006
Author: dannf
Date: 2006-08-17 03:54:32 +0000 (Thu, 17 Aug 2006)
New Revision: 553
Modified:
active/CVE-2004-2135
active/CVE-2004-2136
active/CVE-2005-0109
active/CVE-2005-0977
active/CVE-2005-1265
active/CVE-2005-2873
active/CVE-2005-3044
active/CVE-2005-3105
active/CVE-2005-3527
active/CVE-2005-3660
active/CVE-2005-4440
active/CVE-2005-4441
active/CVE-2005-4798
active/CVE-2006-0454
active/CVE-2006-1052
active/CVE-2006-1343
active/CVE-2006-1528
active/CVE-2006-1855
active/CVE-2006-1862
active/CVE-2006-2275
active/CVE-2006-2445
active/CVE-2006-2629
active/CVE-2006-2935
active/CVE-2006-2936
active/CVE-2006-3085
Log:
a bunch of debian updates
Modified: active/CVE-2004-2135
===================================================================
--- active/CVE-2004-2135 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2004-2135 2006-08-17 03:54:32 UTC (rev 553)
@@ -17,7 +17,7 @@
jmm> I'm marking all these N/A
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: N/A
Modified: active/CVE-2004-2136
===================================================================
--- active/CVE-2004-2136 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2004-2136 2006-08-17 03:54:32 UTC (rev 553)
@@ -13,7 +13,7 @@
jmm> 2.4 doesn't have dm-crypt, though
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: N/A
Modified: active/CVE-2005-0109
===================================================================
--- active/CVE-2005-0109 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-0109 2006-08-17 03:54:32 UTC (rev 553)
@@ -44,7 +44,7 @@
jmm> What did other distributions like Red Hat, SuSE or OWL do?
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2005-0977
===================================================================
--- active/CVE-2005-0977 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-0977 2006-08-17 03:54:32 UTC (rev 553)
@@ -14,7 +14,7 @@
aren't in 2.4, so the port isn't trivial for me.
Bugs: 303177
upstream: released (2.6.11)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
Modified: active/CVE-2005-1265
===================================================================
--- active/CVE-2005-1265 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-1265 2006-08-17 03:54:32 UTC (rev 553)
@@ -8,8 +8,8 @@
jmm> I've pulled the patch by Linus from the above-mentioned Ubuntu advisory
dannf> Code is very different in 2.4; dunno if its vulnerable
Bugs:
-upstream:
-linux-2.6.16:
-linux-2.6:
+upstream: released (2.6.12)
+linux-2.6.16: N/A
+linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge1) [mm-mmap-range-test.dpatch]
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
+2.4.27-sarge-security: ignored (2.4.27-10sarge4)
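Review bot: The 2.4.27-sarge-security line is bumped to "ignored (2.4.27-10sarge4)" while the only 2.4 note in context is dannf's "Code is very different in 2.4; dunno if its vulnerable", so the entry records a decision to ignore without recording whether 2.4 is affected. Add a Notes line giving the reason for ignoring, or one stating that the 2.4 code still needs to be analysed.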
Modified: active/CVE-2005-2873
===================================================================
--- active/CVE-2005-2873 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-2873 2006-08-17 03:54:32 UTC (rev 553)
@@ -20,7 +20,7 @@
jmm> There's now a complete rewrite by Patrick McHardy in 2.6.18
upstream: released (2.6.18)
Bugs: 332381, 332231, 332228
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6: needed
-2.6.8-sarge-security: ignored (2.6.8-16sarge4)
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2005-3044
===================================================================
--- active/CVE-2005-3044 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-3044 2006-08-17 03:54:32 UTC (rev 553)
@@ -23,8 +23,7 @@
micah> have two patches... if you look at them they look REALLY similar, but they aren't
micah> dont be fooled
upstream: released (2.6.13.2)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
-2.4.27-sid/sarge: needed
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
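Review bot: Deleting "2.4.27-sid/sarge: needed" removes the only line saying that 2.4.27 still needs a fix, and what remains is "2.4.27-sarge-security: ignored (2.4.27-10sarge4)" with no reason in the visible notes. A one-line note explaining why 2.4.27 is ignored rather than fixed would keep that history in the file.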
Modified: active/CVE-2005-3105
===================================================================
--- active/CVE-2005-3105 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-3105 2006-08-17 03:54:32 UTC (rev 553)
@@ -27,7 +27,6 @@
Bugs: 332569
upstream: 2.6.12
2.6.8-sarge-security: released (2.6.8-16sarge1) [mckinley_icache.dpatch]
-2.4.27-sid/sarge: needed
2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: N/A
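Review bot: 2.4.27-sarge-security is left at "ignored (2.4.27-10sarge3)" here, while this same commit bumps that field from 10sarge3 to 10sarge4 in CVE-2005-1265; if the issue is still ignored for the current upload, bump it here too. While touching this file, "upstream: 2.6.12" could be brought into the "released (2.6.12)" form that the other entries use.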
Modified: active/CVE-2005-3527
===================================================================
--- active/CVE-2005-3527 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-3527 2006-08-17 03:54:32 UTC (rev 553)
@@ -27,7 +27,7 @@
backporting is too hard for the same reasons as 2.6.8.
Bugs:
upstream: released (2.6.14)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: N/A
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2005-3660
===================================================================
--- active/CVE-2005-3660 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-3660 2006-08-17 03:54:32 UTC (rev 553)
@@ -10,11 +10,11 @@
by causing the process to become a zombie, or closing the file
descriptor without closing an associated reference.
Notes:
- dannf> The fix suggested by idefense includes adding a struct user reference
+5~ dannf> The fix suggested by idefense includes adding a struct user reference
dannf> to struct file. No such thing has gone upstream yet, however.
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
-2.6.8-sarge-security: ignored (2.6.8-16sarge4)
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
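Review bot: The first Notes line now starts with "5~" ("+5~ dannf> The fix suggested by idefense ..."), which looks like a stray keystroke sequence from the editor rather than an intended change; the text after it is identical to the removed line. Restore the original line so the only changes in this hunk are the two status fields.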
Modified: active/CVE-2005-4440
===================================================================
--- active/CVE-2005-4440 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-4440 2006-08-17 03:54:32 UTC (rev 553)
@@ -34,7 +34,7 @@
dannf> series of kernels & follow what upstream does.
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
-2.6.8-sarge-security: ignored (2.6.8-16sarge4)
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2005-4441
===================================================================
--- active/CVE-2005-4441 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-4441 2006-08-17 03:54:32 UTC (rev 553)
@@ -38,7 +38,7 @@
dannf> series of kernels & follow what upstream does.
Bugs:
upstream:
-linux-2.6.16:
+linux-2.6.16: ignored (2.6.16-18)
linux-2.6:
-2.6.8-sarge-security: ignored (2.6.8-16sarge4)
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2005-4798
===================================================================
--- active/CVE-2005-4798 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2005-4798 2006-08-17 03:54:32 UTC (rev 553)
@@ -4,12 +4,17 @@
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b
Description:
+ Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31
+ allows remote NFS servers to cause a denial of service (crash) via a long
+ symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and
+ causes a crash in the NFS client.
Notes:
- jmm> Current 2.6 not affected per Ingo Molnar
- jmm> http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html
+ dannf> >= 2.6.13 not affected according to:
+ dannf> http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html
+ dannf> 2.6.8 looks affected to me - including my shot at a fix...
Bugs:
upstream:
-linux-2.6.16:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+linux-2.6.16: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: pending (2.6.8-16sarge5) [nfs-handle-long-symlinks.dpatch]
+2.4.27-sarge-security: pending (2.4.27-10sarge4) [223_nfs-handle-long-symlinks.diff]
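Review bot: In Notes, jmm's two lines are deleted and replaced rather than kept next to the new dannf lines, which drops the attribution to Ingo Molnar for the "not affected" claim at the same time as the claim is narrowed to ">= 2.6.13". Keep the jmm lines and append the dannf ones, so a reader can see who said what and why the assessment for 2.6.8 changed. The "upstream:" field is also still empty although the reference URLs in context point at a commit in linux-2.4.git; fill it in if that commit is the upstream fix.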
Modified: active/CVE-2006-0454
===================================================================
--- active/CVE-2006-0454 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-0454 2006-08-17 03:54:32 UTC (rev 553)
@@ -10,8 +10,8 @@
horms> included in 2.6.12
horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c7ec2528b5776bd64a7c1240879087198e57da9
Bugs:
-upstream: pending (2.6.15.3)
-linux-2.6.16:
-linux-2.6: pending (2.6.16-5) [2.6.15.3.patch]
+upstream: released (2.6.15.3)
+linux-2.6.16: N/A
+linux-2.6: released (2.6.16-5) [2.6.15.3.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
Modified: active/CVE-2006-1052
===================================================================
--- active/CVE-2006-1052 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-1052 2006-08-17 03:54:32 UTC (rev 553)
@@ -10,7 +10,7 @@
Notes:
Bugs:
upstream: released (2.6.16)
-linux-2.6.16:
+linux-2.6.16: released (2.6.16-1)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: needed
2.4.27-sarge-security: N/A
Modified: active/CVE-2006-1343
===================================================================
--- active/CVE-2006-1343 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-1343 2006-08-17 03:54:32 UTC (rev 553)
@@ -13,7 +13,7 @@
jmm> It's now fixed upstream in 2.6 as well, let's include it in sarge4
Bugs:
upstream: released (2.4.33-pre3), released (2.6.16.19)
-linux-2.6.16:
+linux-2.6.16: released (2.6.16-15)
linux-2.6: released (2.6.16-15)
-2.6.8-sarge-security: ignored (2.6.8-16sarge3)
+2.6.8-sarge-security: needed
2.4.27-sarge-security: released (2.4.27-10sarge3)
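Review bot: 2.6.8-sarge-security goes from "ignored (2.6.8-16sarge3)" to "needed" with no new Notes line, and the only note in context (jmm's "let's include it in sarge4") names an upload that the other entries in this commit have already moved past (they reference 2.6.8-16sarge5). Add a note saying why the earlier ignore was reverted and which upload is expected to carry the fix.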
Modified: active/CVE-2006-1528
===================================================================
--- active/CVE-2006-1528 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-1528 2006-08-17 03:54:32 UTC (rev 553)
@@ -9,7 +9,7 @@
Notes:
Bugs:
upstream: released (2.6.13)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: released (2.6.13-1)
2.6.8-sarge-security:
2.4.27-sarge-security:
Modified: active/CVE-2006-1855
===================================================================
--- active/CVE-2006-1855 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-1855 2006-08-17 03:54:32 UTC (rev 553)
@@ -11,7 +11,7 @@
jmm> Vulnerable code not present in 2.4.27
Bugs:
upstream: released (2.6.11.12)
-linux-2.6.16:
+linux-2.6.16: N/A
linux-2.6: N/A
2.6.8-sarge-security: needed
2.4.27-sarge-security: N/A
Modified: active/CVE-2006-1862
===================================================================
--- active/CVE-2006-1862 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-1862 2006-08-17 03:54:32 UTC (rev 553)
@@ -1,15 +1,21 @@
Candidate: CVE-2006-1862
+Description:
+ The virtual memory implementation in Linux kernel 2.6.x allows local users to
+ cause a denial of service (panic) by running lsof a large number of times in
+ a way that produces a heavy system load.
References:
-Description:
Ubuntu-Description:
Notes:
jmm> There's some indication that this is RH-specific, needs to be checked
+ dannf> Yeah, this code is neither in debian's 2.4.27/2.6.8 or 2.6.16 upstream
+ dannf> I also cannot reproduce on debian's 2.6.8 with the test case given in:
+ dannf> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189031
Bugs:
upstream:
-linux-2.6.16:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+linux-2.6.16: N/A
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
2.6.10-hoary-security:
2.6.12-breezy-security:
2.6.15-dapper-security:
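Review bot: "Description:" is moved above "References:" in this file, whereas the CVE-2005-4798 entry in the same commit keeps the reference URLs first and "Description:" after them. Unless the field order is being changed everywhere, fill in the description in its original position so the entries stay uniform for anything that parses them.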
Modified: active/CVE-2006-2275
===================================================================
--- active/CVE-2006-2275 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-2275 2006-08-17 03:54:32 UTC (rev 553)
@@ -12,7 +12,7 @@
jmm> be postponed for now
Bugs:
upstream: released (2.6.16.15)
-linux-2.6.16:
+linux-2.6.16: released (2.6.16-13)
linux-2.6: released (2.6.16-13)
2.6.8-sarge-security: ignored (2.6.8-16sarge4)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
Modified: active/CVE-2006-2445
===================================================================
--- active/CVE-2006-2445 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-2445 2006-08-17 03:54:32 UTC (rev 553)
@@ -12,11 +12,12 @@
jmm> Only exploitable on SMP systems
jmm> 2.6.8 most probably not affected, but there was a reproducer posted to vendor-sec, should be double-checked
jmm> Vulnerable code not present in 2.4
+ dannf> 2.6.8 didn't have posix-cpu-timers
Bugs:
upstream: released (2.6.16.21)
linux-2.6.16: released (2.6.16-15)
linux-2.6: released (2.6.16-15)
-2.6.8-sarge-security:
+2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.10-hoary-security: needed (only 4th GIT commit, first three applied in 2.6.10-34.21)
2.6.12-breezy-security: needed (only 4th GIT commit, first three applied in 2.6.12-10.35)
Modified: active/CVE-2006-2629
===================================================================
--- active/CVE-2006-2629 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-2629 2006-08-17 03:54:32 UTC (rev 553)
@@ -9,9 +9,10 @@
leads to a failure in the prune_dcache function or a BUG_ON error in
include/linux/list.h.
Notes:
+ dannf> marking sarge kernels N/A because they are < 2.6.15
Bugs:
upstream:
linux-2.6.16:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+linux-2.6:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
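Review bot: The "linux-2.6:" line is removed and re-added with no visible difference, so it is presumably a whitespace-only change; either drop it from the commit or give the field a status. The new note explains the N/A for the sarge kernels, but "upstream:", "linux-2.6.16:" and "linux-2.6:" are still blank, and by the note's own reasoning (affected versions are not < 2.6.15) 2.6.16 is the branch that most needs one.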
Modified: active/CVE-2006-2935
===================================================================
--- active/CVE-2006-2935 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-2935 2006-08-17 03:54:32 UTC (rev 553)
@@ -13,12 +13,13 @@
machine or potentially even execute arbitrary code with full root
privileges.
Notes:
+ dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.y
Bugs:
-upstream:
-linux-2.6.16:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+upstream: released (2.6.17.7)
+linux-2.6.16: pending (2.6.16-18) [cdrom-bad-cgc.buflen-assign.patch]
+linux-2.6: released (2.6.17-5)
+2.6.8-sarge-security: pending (2.6.8-16sarge5) [cdrom-bad-cgc.buflen-assign.dpatch]
+2.4.27-sarge-security: pending (2.4.27-10sarge4) [224_cdrom-bad-cgc.buflen-assign.diff]
2.6.10-hoary-security: needed
2.6.12-breezy-security: needed
2.6.15-dapper-security: 2.6.15-26.46
Modified: active/CVE-2006-2936
===================================================================
--- active/CVE-2006-2936 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-2936 2006-08-17 03:54:32 UTC (rev 553)
@@ -14,10 +14,10 @@
Notes:
jmm> 2.4 not affected due to different memory allocation
Bugs:
-upstream: released (2.6.16.26)
-linux-2.6.16:
+upstream: released (2.6.16.26, 2.6.17.7)
+linux-2.6.16: pending (2.6.16-18)
linux-2.6: released (2.6.17-5)
-2.6.8-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-16sarge5)
2.4.27-sarge-security: N/A
2.6.10-hoary-security: needed
2.6.12-breezy-security: needed
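Review bot: The two new "pending" entries, "linux-2.6.16: pending (2.6.16-18)" and "2.6.8-sarge-security: pending (2.6.8-16sarge5)", carry no patch file name in brackets, unlike the pending entries added for CVE-2006-2935 in this same commit. Add the patch names so the fix can be located in each package.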
Modified: active/CVE-2006-3085
===================================================================
--- active/CVE-2006-3085 2006-08-17 00:43:17 UTC (rev 552)
+++ active/CVE-2006-3085 2006-08-17 03:54:32 UTC (rev 553)
@@ -6,7 +6,7 @@
Notes:
Bugs:
upstream: released (2.6.16.21, 2.6.17.1)
-linux-2.6.16:
+linux-2.6.16: released (2.6.16-15)
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security:
2.4.27-sarge-security: