[kernel-sec-discuss] r659 - active

Wed Dec 13 15:35:25 CET 2006

Author: mpitt
Date: 2006-12-13 15:35:25 +0100 (Wed, 13 Dec 2006)
New Revision: 659

Modified:
   active/CVE-2006-4572
   active/CVE-2006-4623
   active/CVE-2006-4813
   active/CVE-2006-4997
   active/CVE-2006-5158
   active/CVE-2006-5173
   active/CVE-2006-5619
   active/CVE-2006-5648
   active/CVE-2006-5649
   active/CVE-2006-5701
   active/CVE-2006-5751
Log:
update status for USN-395-1

Modified: active/CVE-2006-4572
===================================================================

--- active/CVE-2006-4572	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-4572	2006-12-13 14:35:25 UTC (rev 659)
@@ -14,8 +14,6 @@
  packets, a remote attacker could exploit this to bypass firewall
  rules.
 Notes: 
- kyle: according to patrick mchardy, they are still vunerable...
- pitti: according to Chuck Short, 2.6.12 and below do the right thing
 Bugs: 
 upstream: 
 linux-2.6:
@@ -23,5 +21,5 @@
 2.4.27-sarge-security:
 2.6.12-breezy-security: needed
 2.6.15-dapper-security: needed
-2.6.17-edgy-security: needed
+2.6.17-edgy-security: released (2.6.17.1-10.34)
 2.6.19-feisty: released

Modified: active/CVE-2006-4623
===================================================================
--- active/CVE-2006-4623	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-4623	2006-12-13 14:35:25 UTC (rev 659)
@@ -19,4 +19,4 @@
 2.6.10-hoary-security:
 2.6.12-breezy-security:
 2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.17-edgy: released (2.6.17.1-10.34)

Modified: active/CVE-2006-4813
===================================================================
--- active/CVE-2006-4813	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-4813	2006-12-13 14:35:25 UTC (rev 659)
@@ -18,6 +18,6 @@
 linux-2.6: released (2.6.13-1)
 2.6.8-sarge-security: pending (2.6.8-16sarge6) [__block_prepare_write-recovery.dpatch]
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: needed
+2.6.12-breezy-security: released (CVE-2006-4813)
 2.6.15-dapper-security: released
 2.6.17-edgy: released

Modified: active/CVE-2006-4997
===================================================================
--- active/CVE-2006-4997	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-4997	2006-12-13 14:35:25 UTC (rev 659)
@@ -14,6 +14,6 @@
 linux-2.6: released (2.6.18-1)
 2.6.8-sarge-security: pending (2.6.8-16sarge6) [atm-clip-freed-skb-deref.dpatch]
 2.4.27-sarge-security: pending (2.4.27-10sarge5) [234_atm-clip-freed-skb-deref.diff]
-2.6.12-breezy-security: needed
-2.6.15-dapper-security: needed
+2.6.12-breezy-security: released (2.6.12-10.41)
+2.6.15-dapper-security: released (2.6.15-27.49)
 2.6.17-edgy: released (2.6.17-10.31)

Modified: active/CVE-2006-5158
===================================================================
--- active/CVE-2006-5158	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5158	2006-12-13 14:35:25 UTC (rev 659)
@@ -18,6 +18,6 @@
 linux-2.6:
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: needed
+2.6.12-breezy-security: released (2.6.12-10.41)
 2.6.15-dapper-security: needed
 2.6.17-edgy: needed

Modified: active/CVE-2006-5173
===================================================================
--- active/CVE-2006-5173	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5173	2006-12-13 14:35:25 UTC (rev 659)
@@ -22,5 +22,5 @@
 2.4.27-sarge-security: N/A
 2.6.10-hoary-security: N/A
 2.6.12-breezy-security: N/A
-2.6.15-dapper-security: needed
-2.6.17-edgy: needed
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy: released (2.6.17.1-10.34)

Modified: active/CVE-2006-5619
===================================================================
--- active/CVE-2006-5619	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5619	2006-12-13 14:35:25 UTC (rev 659)
@@ -17,7 +17,7 @@
 linux-2.6: released (2.6.18-4)
 2.6.8-sarge-security: pending (2.6.8-16sarge6) [ip6_flowlabel-lockup.dpatch]
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: needed
-2.6.15-dapper-security: needed
-2.6.17-edgy-security: needed
-2.6.19-feisty: needed
+2.6.12-breezy-security: released (2.6.12-10.41)
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy-security: released (2.6.17.1-10.34)
+2.6.19-feisty: released

Modified: active/CVE-2006-5648
===================================================================
--- active/CVE-2006-5648	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5648	2006-12-13 14:35:25 UTC (rev 659)
@@ -20,5 +20,5 @@
 2.4.27-sarge-security: N/A
 2.6.12-breezy-security: N/A
 2.6.15-dapper-security: N/A
-2.6.17-edgy-security: needed
-2.6.19-feisty: needed
+2.6.17-edgy-security: released (2.6.17.1-10.34)
+2.6.19-feisty: released

Modified: active/CVE-2006-5649
===================================================================
--- active/CVE-2006-5649	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5649	2006-12-13 14:35:25 UTC (rev 659)
@@ -19,7 +19,6 @@
 linux-2.6: released (2.6.18-4)
 2.6.8-sarge-security: pending (2.6.8-16sarge6) [ppc-alignment-exception-table-check.dpatch]
 2.4.27-sarge-security: pending (2.4.27-10sarge5) [235_ppc-alignment-exception-table-check.diff]
-2.6.12-breezy-security: needed
-2.6.15-dapper-security: needed
-2.6.17-edgy-security: needed
-2.6.19-feisty: needed
+2.6.12-breezy-security: released (2.6.12-10.41)
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy-security: released (2.6.17.1-10.34)

Modified: active/CVE-2006-5701
===================================================================
--- active/CVE-2006-5701	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5701	2006-12-13 14:35:25 UTC (rev 659)
@@ -23,7 +23,6 @@
 2.6.18-etch: needed
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: needed
-2.6.15-dapper-security: needed
-2.6.17-edgy-security: needed
-2.6.19-feisty: needed
+2.6.12-breezy-security: N/A
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy-security: released (2.6.17.1-10.34)

Modified: active/CVE-2006-5751
===================================================================
--- active/CVE-2006-5751	2006-12-13 14:35:02 UTC (rev 658)
+++ active/CVE-2006-5751	2006-12-13 14:35:25 UTC (rev 659)
@@ -16,6 +16,10 @@
  the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code
  via a large maxnum value in an ioctl request.
 Ubuntu-Description: 
+ An integer overflow was found in the get_fdb_entries() function of
+ the network bridging code. By executing a specially crafted ioctl, a
+ local attacker could exploit this to execute arbitrary code with root
+ privileges.
 Notes: 
  dannf> Marking 2.4 as N/A - the code is much different now, and nothing
  dannf> seemed to be checking PAGE_SIZE at all in 2.4
@@ -25,7 +29,6 @@
 2.6.18-etch: 
 2.6.8-sarge-security: pending (2.6.8-16sarge6) [bridge-get_fdb_entries-overflow.dpatch]
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
-2.6.19-feisty: 
+2.6.12-breezy-security: released (2.6.12-10.41)
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy-security: released (2.6.17.1-10.34)


