[kernel-sec-discuss] r592 - dsa-texts
Dann Frazier
dannf at costa.debian.org
Thu Sep 21 05:26:36 UTC 2006
Author: dannf
Date: 2006-09-21 05:26:34 +0000 (Thu, 21 Sep 2006)
New Revision: 592
Modified:
dsa-texts/2.6.8-sarge5
Log:
add some descriptions
Modified: dsa-texts/2.6.8-sarge5
===================================================================
--- dsa-texts/2.6.8-sarge5 2006-09-21 02:32:32 UTC (rev 591)
+++ dsa-texts/2.6.8-sarge5 2006-09-21 05:26:34 UTC (rev 592)
@@ -8,7 +8,10 @@
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
-CVE ID : CVE-2006-3468
+CVE ID : CVE-2006-3468 CVE-2004-2660 CVE-2005-4798 CVE-2006-2935
+ CVE-2006-2936 CVE-2006-1052 CVE-2006-1343 CVE-2006-1528
+ CVE-2006-1855 CVE-2006-1856 CVE-2006-2444 CVE-2006-2446
+ CVE-2006-3745 CVE-2006-4535 CVE-2006-4093 CVE-2006-4145
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
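Review bot: The expanded CVE ID list in the header is in no particular order (CVE-2006-3468 first, then CVE-2004-2660 and CVE-2005-4798, and CVE-2006-4535 ahead of CVE-2006-4093). Sorting the IDs by year and number, and keeping the per-CVE paragraphs further down in the same order, would make it much easier to check that every ID listed here has a description and that no described CVE is missing from the header.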
@@ -19,7 +22,87 @@
James McKenzie discovered a vulnerability in the NFS subsystem, allowing
remote denial of service if an ext3 filesystem is exported.
-
+
+CVE-2004-2660
+
+ IWAMOTO Toshihiro discovered a direct IO memory leak that a malicious
+ local user could use to create a local denial of service.
+
+CVE-2005-4798
+
+ Assar discovered a buffer overlow in the NFS readlink handling code
+ that would allows a malicious remote server to cause a denail of
+ service (crash) using a long symlink.
+
+CVE-2006-2935
+
+ Diego Calleja Garcia discovered a potential buffer overflow in the
+ dvd_read_bca() function that could allow aribrary code execution via
+ a malicious CDROM device
+
+CVE-2006-2936
+
+ Ian Abbott and Guillaume Autran provided a fix for a vulnerability in
+ the ftdio_sio driver that could allow a local user to initiate a denial
+ of service attack by writing lots of data to the serial port and
+ consuming all of system memory.
+
+CVE-2006-1052
+
+ Stephen Smalley contributed a fix for a bug in SELinux that allows local
+ users with ptrace permission to change the tracer SID to the SID of
+ another process.
+
+CVE-2006-1343
+
+ Pavel Kankovsky discovered that sockaddr_in.sin_zero is not zeroed
+ during certain operations returning IPv4 socket names which allows
+ potentially sensitive memory to be leaked to userspace.
+
+CVE-2006-1528
+
+ Douglas Gilbert reported a bug in the sg driver that allows local
+ users to oops the kernel by performing dio transfers from the sg
+ driver to memory mapped IO space.
+
+CVE-2006-1855
+
+ Mattia Belletti noticed that certain debugging code left in the
+ choose_new_parent routine allows local users to cause a denial of
+ service (panic).
+
+CVE-2006-1856
+
+ Kostik Belousov discovered a missing LSM file_permission check in the
+ readv and writev functions which might allow attackers to bypass intended
+ access restrictions.
+
+CVE-2006-2444
+
+ Patrick McHardy reported a memory corruption bug in snmp_trap_decode that
+ could be used by remote attackers to crash a system.
+
+CVE-2006-2446
+
+ A race between the kfree_skb and __skb_unlink functions allows remote
+ users to crash a system.
+
+CVE-2006-3745
+
+ NEED INFO
+
+CVE-2006-4535
+
+ NEED INFO
+
+CVE-2006-4093
+
+ NEED INFO
+
+CVE-2006-4145
+
+ NEED INFO
+
The following matrix explains which kernel version for which architecture
fix the problems mentioned above:
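Review bot: Four of the added entries (CVE-2006-3745, CVE-2006-4535, CVE-2006-4093, CVE-2006-4145) still read "NEED INFO" and need real descriptions before this text can go out as an advisory. The filled-in entries also need a spelling pass: "buffer overlow", "would allows" and "denail of service" in CVE-2005-4798, "aribrary code execution" plus a missing final period in CVE-2006-2935, and "ftdio_sio" in CVE-2006-2936, which is presumably the ftdi_sio driver. CVE-2006-2446 is the only described entry without a discoverer credit; add one if it is known, for consistency with the others.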