[kernel-sec-discuss] r917 - active retired
jmm at alioth.debian.org
jmm at alioth.debian.org
Fri Aug 17 19:57:11 UTC 2007
Author: jmm
Date: 2007-08-17 19:57:11 +0000 (Fri, 17 Aug 2007)
New Revision: 917
Added:
retired/CVE-2006-4623
retired/CVE-2007-1000
Removed:
active/CVE-2006-4623
active/CVE-2007-1000
Log:
retire two more
Deleted: active/CVE-2006-4623
===================================================================
--- active/CVE-2006-4623 2007-08-17 17:00:45 UTC (rev 916)
+++ active/CVE-2006-4623 2007-08-17 19:57:11 UTC (rev 917)
@@ -1,31 +0,0 @@
-Candidate: CVE-2006-4623
-References:
- http://lkml.org/lkml/2006/8/20/278
-Description:
- The Unidirectional Lightweight Encapsulation (ULE) decapsulation
- component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel
- 2.6.17.8 allows remote attackers to cause a denial of service (crash)
- via an SNDU length of 0 in a ULE packet.
-Ubuntu-Description:
- A flaw was discovered in dvb ULE decapsulation. A remote attacker could
- send a specially crafted message and cause a denial of service.
-Notes:
- mpitt> Questionable -- rather than fixing the kernel to not send out
- invalid ULE packets, it should be fixed to not crash upon
- receiving one.
- dannf> I noticed that a different, and much larger patch went into 2.6.18
- that conflicts with the one provided by the original reporter (which
- went into 2.6.17.y). I asked the original reporter if that patch also
- fixed the issue. Ang Way replied:
- "Yes, it is fixed in 2.6.18 and later even though the patch is
- different. Their fix is more elegant."
- So, marking etch N/A
-Bugs:
-upstream: released (2.6.18)
-linux-2.6: released (2.6.18-1)
-2.6.18-etch-security: N/A
-2.6.8-sarge-security: released (2.6.8-16sarge7) [dvb-core-handle-0-length-ule-sndu.dpatch]
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: released (2.6.15-28.57)
-2.6.17-edgy: released (2.6.17.1-10.34)
-2.6.20-feisty-security: N/A
Deleted: active/CVE-2007-1000
===================================================================
--- active/CVE-2007-1000 2007-08-17 17:00:45 UTC (rev 916)
+++ active/CVE-2007-1000 2007-08-17 19:57:11 UTC (rev 917)
@@ -1,20 +0,0 @@
-Candidate: CVE-2007-1000
-References:
- http://bugzilla.kernel.org/show_bug.cgi?id=8134
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=286930797d74b2c9a5beae84836044f6a836235f
-Description:
-Ubuntu-Description:
- Due to an variable handling flaw in the ipv6_getsockopt_sticky()
- function a local attacker could exploit the getsockopt() calls to
- read arbitrary kernel memory. This could disclose sensitive data.
-Notes:
- dannf> function doesn't exist in 2.6.8 - wtarreau says 2.4 isn't vulnerable
-Bugs:
-upstream: released (2.6.21-rc4, 2.6.20.2)
-linux-2.6: released (2.6.20-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: released (2.6.15-28.57)
-2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
-2.6.20-feisty-security: N/A
Copied: retired/CVE-2006-4623 (from rev 916, active/CVE-2006-4623)
===================================================================
--- retired/CVE-2006-4623 (rev 0)
+++ retired/CVE-2006-4623 2007-08-17 19:57:11 UTC (rev 917)
@@ -0,0 +1,31 @@
+Candidate: CVE-2006-4623
+References:
+ http://lkml.org/lkml/2006/8/20/278
+Description:
+ The Unidirectional Lightweight Encapsulation (ULE) decapsulation
+ component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel
+ 2.6.17.8 allows remote attackers to cause a denial of service (crash)
+ via an SNDU length of 0 in a ULE packet.
+Ubuntu-Description:
+ A flaw was discovered in dvb ULE decapsulation. A remote attacker could
+ send a specially crafted message and cause a denial of service.
+Notes:
+ mpitt> Questionable -- rather than fixing the kernel to not send out
+ invalid ULE packets, it should be fixed to not crash upon
+ receiving one.
+ dannf> I noticed that a different, and much larger patch went into 2.6.18
+ that conflicts with the one provided by the original reporter (which
+ went into 2.6.17.y). I asked the original reporter if that patch also
+ fixed the issue. Ang Way replied:
+ "Yes, it is fixed in 2.6.18 and later even though the patch is
+ different. Their fix is more elegant."
+ So, marking etch N/A
+Bugs:
+upstream: released (2.6.18)
+linux-2.6: released (2.6.18-1)
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: released (2.6.8-16sarge7) [dvb-core-handle-0-length-ule-sndu.dpatch]
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-28.57)
+2.6.17-edgy: released (2.6.17.1-10.34)
+2.6.20-feisty-security: N/A
Copied: retired/CVE-2007-1000 (from rev 916, active/CVE-2007-1000)
===================================================================
--- retired/CVE-2007-1000 (rev 0)
+++ retired/CVE-2007-1000 2007-08-17 19:57:11 UTC (rev 917)
@@ -0,0 +1,20 @@
+Candidate: CVE-2007-1000
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=8134
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=286930797d74b2c9a5beae84836044f6a836235f
+Description:
+Ubuntu-Description:
+ Due to an variable handling flaw in the ipv6_getsockopt_sticky()
+ function a local attacker could exploit the getsockopt() calls to
+ read arbitrary kernel memory. This could disclose sensitive data.
+Notes:
+ dannf> function doesn't exist in 2.6.8 - wtarreau says 2.4 isn't vulnerable
+Bugs:
+upstream: released (2.6.21-rc4, 2.6.20.2)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-28.57)
+2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
+2.6.20-feisty-security: N/A
More information about the kernel-sec-discuss
mailing list