[kernel-sec-discuss] r555 - active retired

Dann Frazier dannf at costa.debian.org
Thu Aug 17 04:01:25 UTC 2006


Author: dannf
Date: 2006-08-17 04:01:21 +0000 (Thu, 17 Aug 2006)
New Revision: 555

Added:
   retired/CVE-2004-0997
   retired/CVE-2004-1074
   retired/CVE-2005-0124
   retired/CVE-2005-0179
   retired/CVE-2005-0489
   retired/CVE-2006-0454
Removed:
   active/CVE-2004-0997
   active/CVE-2004-1074
   active/CVE-2005-0124
   active/CVE-2005-0179
   active/CVE-2005-0489
   active/CVE-2006-0454
Log:
retire a few issues

Deleted: active/CVE-2004-0997
===================================================================
--- active/CVE-2004-0997	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2004-0997	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,25 +0,0 @@
-Candidate: CVE-2004-0997
-References: 
-Description: 
-Notes: 
- Still marked **RESERVED** - this is from the kernel-source-2.4.19 changelog:
-  * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS
-    ptrace implementation [arch/mips/kernel/scall_o32.S,
-    arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S,
-    arch/mips64/kernel/scall_o32.S, CAN-2004-0997]
- <dannf> ths: do you know if CVE-2004-0997 is fixed in 2.6?  code is very
-         different from the 2.4.19 patch i have
- <ths> dannf: Fixed long ago.
-Bugs: 
-upstream: released
-linux-2.6.16: N/A
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: ignored (2.4.27-10sarge3)
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
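
Review bot: the `2.4.27-sarge-security: ignored (2.4.27-10sarge3)` line is retired with no reason given in Notes, and `upstream: released` carries no version. The only evidence for 2.6 is the IRC reply "Fixed long ago". Suggest recording the fixing version or commit, and why 2.4.27 is ignored, before the file moves to retired/.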

Deleted: active/CVE-2004-1074
===================================================================
--- active/CVE-2004-1074	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2004-1074	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,39 +0,0 @@
-Candidate: CVE-2004-1074
-References: 
- MLIST:[linux-kernel] 20041111 a.out issue
- URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=110021173607372&w=2
- CONECTIVA:CLA-2005:930
- URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- FEDORA:FLSA:2336
- URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
- MANDRAKE:MDKSA-2005:022
- URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
- TRUSTIX:2005-0001
- URL:http://www.trustix.org/errata/2005/0001/
- BUGTRAQ:20041216 [USN-39-1] Linux amd64 kernel vulnerability
- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110322596918807&w=2
- XF:linux-aout-binary-dos(18290)
- URL:http://xforce.iss.net/xforce/xfdb/18290
-Description: 
- The binfmt functionality in the Linux kernel, when "memory overcommit" is
- enabled, allows local users to cause a denial of service (kernel oops) via a
- malformed a.out binary.
-Notes: 
- From Joey's 2.4.18-14.4 changelog:
-  * Applied patch by Chris Wright to not insert overlapping regions in
-    setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
-  * Applied patch by Chris Wright to fix error handling in do_brk() when
-    setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
-Bugs: 
-upstream: released (2.6.10)
-linux-2.6.16: N/A
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch]
-2.4.27-sarge-security: released (2.4.27-7) [114-binfmt_aout-CVE-2004-1074.diff]
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)

Deleted: active/CVE-2005-0124
===================================================================
--- active/CVE-2005-0124	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2005-0124	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-0124
-References: 
- MLIST:[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel
- URL:http://seclists.org/lists/linux-kernel/2004/Dec/3914.html
- MLIST:[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel
- URL:http://seclists.org/lists/linux-kernel/2005/Jan/1089.html
- MLIST:[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel
- URL:http://seclists.org/lists/linux-kernel/2005/Jan/2018.html
- MLIST:[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel
- URL:http://seclists.org/lists/linux-kernel/2005/Jan/2020.html
-Description: 
- The coda_pioctl function in the coda functionality (pioctl.c) for Linux
- kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial
- of service (crash) or execute arbitrary code via negative vi.in_size or
- vi.out_size values, which may trigger a buffer overflow.
-Notes: 
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: N/A
-linux-2.6: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge2) [fs_coda_coverty.dpatch]
-2.4.27-sarge-security: released (2.4.27-8)
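
Review bot: the Description says 2.4.x before 2.4.29 is affected, yet this file has no woody-security lines at all, unlike the other 2.4-era entries retired in this commit. Suggest adding the woody branch statuses, or a note on why they are omitted. It would also help to name the patch for `2.4.27-sarge-security: released (2.4.27-8)`, as is done for the 2.6.8 line.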

Deleted: active/CVE-2005-0179
===================================================================
--- active/CVE-2005-0179	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2005-0179	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,20 +0,0 @@
-Candidate: CVE-2005-0179
-References: 
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- http://www.redhat.com/support/errata/RHSA-2005-092.html
-Description: 
- Linux kernel 2.4.x and 2.6.x allows local users to cause a denial
- of service (CPU and memory  consumption) and bypass RLIM_MEMLOCK
- limits via the mlockall call.
-Notes: 
- jmm> The vulnerable code was only introduced in 2.6.9
- dannf> I believe this is fixed in:
-  http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c
- dannf> and since that was in 2.6.11, i'll mark upstream as such
-Bugs: 
-upstream: released (2.6.11)
-linux-2.6.16: N/A
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
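
Review bot: the Description says 2.4.x and 2.6.x are affected, but the Notes say the vulnerable code was only introduced in 2.6.9, which is what the N/A entries for 2.6.8 and 2.4.27 rely on. The upstream status also rests on "I believe this is fixed in". Suggest confirming the changeset and noting the discrepancy with the Description before retiring.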

Deleted: active/CVE-2005-0489
===================================================================
--- active/CVE-2005-0489	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2005-0489	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,22 +0,0 @@
-Candidate: CVE-2005-0489
-References: 
-Description: 
- Applied patch by Marcelo Tosatti <marcelo.tosatti at cyclades.com> to fix
- potential memory access to free memory in /proc handling
-Notes: 
- still marked **RESERVED**
- But it looks like Joey used this patch for his kernel-source-2.4.18 update:
- http://linux.bkbits.net:8080/linux-2.4/cset@1.1359.1.22?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c
-Bugs: 
-upstream: released (2.4.27-pre1)
-linux-2.6.16: N/A
-linux-2.6: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.4.19-woody-security: released (2.4.19-4.woody3)
-2.4.18-woody-security: released (2.4.18-14.4)
-2.4.17-woody-security: released (2.4.17-1woody4)
-2.4.16-woody-security: released (2.4.16-1woody3)
-2.4.17-woody-security-hppa: released (32.5)
-2.4.17-woody-security-ia64: released (011226.18)
-2.4.18-woody-security-hppa: released (62.4)
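
Review bot: the Description field holds a changelog line rather than a statement of the flaw and its impact, and the candidate is still marked RESERVED. `upstream: released (2.4.27-pre1)` only covers 2.4, so the N/A entries for the 2.6 branches have no stated basis. Suggest a Notes line recording whether 2.6 was ever affected or which 2.6 version carries the fix.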

Deleted: active/CVE-2006-0454
===================================================================
--- active/CVE-2006-0454	2006-08-17 04:00:48 UTC (rev 554)
+++ active/CVE-2006-0454	2006-08-17 04:01:21 UTC (rev 555)
@@ -1,17 +0,0 @@
-Candidate: CVE-2006-0454
-References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa60cf7f64a00c16e95717e8dccdb128877e342a
-Description: Fix extra dst release when ip_options_echo fails
- When two ip_route_output_key lookups in icmp_send were combined I
- forgot to change the error path for ip_options_echo to not drop the
- dst reference since it now sits before the dst lookup.  To fix it we
- simply jump past the ip_rt_put call.
-Notes: 
- horms> appears to have been added by the following patch which was
- horms> included in 2.6.12
- horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c7ec2528b5776bd64a7c1240879087198e57da9
-Bugs: 
-upstream: released (2.6.15.3)
-linux-2.6.16: N/A
-linux-2.6: released (2.6.16-5) [2.6.15.3.patch]
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
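
Review bot: the Description is the upstream commit message and never states the security impact of the extra dst release in the icmp_send error path. A one-line impact summary would help readers of retired/. As a style point, the References URL sits on the field line itself, where the other files put each reference on its own indented line.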

Copied: retired/CVE-2004-0997 (from rev 549, active/CVE-2004-0997)

Copied: retired/CVE-2004-1074 (from rev 549, active/CVE-2004-1074)

Copied: retired/CVE-2005-0124 (from rev 549, active/CVE-2005-0124)

Copied: retired/CVE-2005-0179 (from rev 549, active/CVE-2005-0179)

Copied: retired/CVE-2005-0489 (from rev 549, active/CVE-2005-0489)

Copied: retired/CVE-2006-0454 (from rev 553, active/CVE-2006-0454)
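
Review bot: the retired copies are taken from rev 549 (rev 553 for CVE-2006-0454), while the deleted active files are diffed against rev 554. It is worth confirming that no edits to these six files landed between the copy-from revision and 554, otherwise the retired versions drop them.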



