[kernel-sec-discuss] r934 - active

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Fri Aug 31 00:17:38 UTC 2007 

Author: keescook-guest
Date: 2007-08-31 00:17:38 +0000 (Fri, 31 Aug 2007)
New Revision: 934

Modified:
   active/CVE-2005-0504
   active/CVE-2007-2242
   active/CVE-2007-3104
   active/CVE-2007-3105
   active/CVE-2007-3848
   active/CVE-2007-4308
Log:
dapper released; descriptions updated

Modified: active/CVE-2005-0504
===================================================================
--- active/CVE-2005-0504	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2005-0504	2007-08-31 00:17:38 UTC (rev 934)
@@ -2,9 +2,16 @@
 References: 
  MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
 Description: 
+ Buffer overflow in the MoxaDriverIoctl function for the moxa serial
+ driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows
+ local users to execute arbitrary code via a certain modified length
+ value.
+Ubuntu-Description:
+ A buffer overflow was discovered in the Moxa serial driver.  Local
+ attackers could execute arbitrary code and gain root privileges.
+Notes:
  Make sure the length we're passing copy_from_user() is never negative or
  too large for moxaBuff.
-Notes:
  dannf> still not upstream as of 2.6.18-rc4, i've poked upstream about it
  dannf> no response from maintainer - poked linux-serial:
           http://article.gmane.org/gmane.linux.serial/1717
@@ -26,4 +33,4 @@
 2.4.17-woody-security-ia64: released (011226.18)
 2.4.18-woody-security-hppa: released (62.4)
 2.6.18-etch-security: N/A
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)

Modified: active/CVE-2007-2242
===================================================================
--- active/CVE-2007-2242	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-2242	2007-08-31 00:17:38 UTC (rev 934)
@@ -25,6 +25,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
 2.6.20-feisty-security: released (2.6.20-16.28)

Modified: active/CVE-2007-3104
===================================================================
--- active/CVE-2007-3104	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3104	2007-08-31 00:17:38 UTC (rev 934)
@@ -15,6 +15,6 @@
 2.6.18-etch-security: ignored (2.6.18.dfsg.1-13etch1) "no upstream fix"
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-12.40) [a8c3f241ea411211c4802098f23a8da309e8bbd1]
 2.6.20-feisty-security: pending (2.6.20-16.30) [5ca45c7e9e3d363c7bd3a5419742cb3368baf474]

Modified: active/CVE-2007-3105
===================================================================
--- active/CVE-2007-3105	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3105	2007-08-31 00:17:38 UTC (rev 934)
@@ -20,6 +20,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch2) [bugfix/random-bound-check-ordering.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.58) 
+2.6.15-dapper-security: released (2.6.15-29.58) 
 2.6.17-edgy-security: released (2.6.17.1-12.40) [f22710043b7d89b496f7910e9c87ed62519dff14]
 2.6.20-feisty-security: pending (2.6.20-16.30) [542a98d0809f0eccc5cf23ed402285e995e0b31e]

Modified: active/CVE-2007-3848
===================================================================
--- active/CVE-2007-3848	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-3848	2007-08-31 00:17:38 UTC (rev 934)
@@ -17,6 +17,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/reset-pdeathsig-on-suid.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [reset-pdeathsig-on-suid.dpatch]
 2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-12.40)
 2.6.20-feisty-security: pending (2.6.20-16.30)

Modified: active/CVE-2007-4308
===================================================================
--- active/CVE-2007-4308	2007-08-30 23:56:26 UTC (rev 933)
+++ active/CVE-2007-4308	2007-08-31 00:17:38 UTC (rev 934)
@@ -20,6 +20,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch]
 2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-29.58)
+2.6.15-dapper-security: released (2.6.15-29.58)
 2.6.17-edgy-security: released (2.6.17.1-12.40)
 2.6.20-feisty-security: pending (2.6.20-16.30)

More information about the kernel-sec-discuss mailing list