[kernel-sec-discuss] r709 - active scripts

Kees Cook keescook-guest at alioth.debian.org
Tue Feb 27 22:01:17 CET 2007


Author: keescook-guest
Date: 2007-02-27 22:01:17 +0100 (Tue, 27 Feb 2007)
New Revision: 709

Added:
   active/CVE-2007-0772
   active/CVE-2007-0958
Modified:
   active/CVE-2006-6128
   active/CVE-2007-0006
   scripts/ubuntu-todo
Log:
added CVE-2007-0958, CVE-2007-0772, updated some ubuntu bits

Modified: active/CVE-2006-6128
===================================================================
--- active/CVE-2006-6128	2007-02-27 17:02:39 UTC (rev 708)
+++ active/CVE-2006-6128	2007-02-27 21:01:17 UTC (rev 709)
@@ -19,7 +19,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
-2.6.19-feisty: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
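Review bot: The `2.6.19-feisty:` line is deleted outright instead of being given a status, while this same revision adds `feisty` to the pattern in scripts/ubuntu-todo. With the line gone, the todo script can never report feisty for this CVE. If feisty is unaffected or already fixed, keep the line and record that, the way the sarge lines carry `N/A` in active/CVE-2007-0006. If the removal is intentional, the log message should say why.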

Modified: active/CVE-2007-0006
===================================================================
--- active/CVE-2007-0006	2007-02-27 17:02:39 UTC (rev 708)
+++ active/CVE-2007-0006	2007-02-27 21:01:17 UTC (rev 709)
@@ -15,6 +15,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.12-breezy-security: 
-2.6.15-dapper-security: 
-2.6.17-edgy-security: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed

Added: active/CVE-2007-0772
===================================================================
--- active/CVE-2007-0772	2007-02-27 17:02:39 UTC (rev 708)
+++ active/CVE-2007-0772	2007-02-27 21:01:17 UTC (rev 709)
@@ -0,0 +1,22 @@
+Candidate: CVE-2007-0772
+References: 
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1
+ FRSIRT:ADV-2007-0660
+ URL:http://www.frsirt.com/english/advisories/2007/0660
+ SECUNIA:24215
+ URL:http://secunia.com/advisories/24215
+Description: 
+ The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial
+ of service (oops) via a crafed NFSACL 2 ACCESS request that triggers a free
+ of an incorrect pointer.
+Ubuntu-Description: 
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
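Review bot: "crafed" on the second Description line should be "crafted". The `upstream:` field is left empty even though both the Description and the CONFIRM reference name 2.6.20.1 as the fixed release, so that version could be recorded here. The new file also has no feisty line, although this revision extends scripts/ubuntu-todo to look for feisty. Add one with an explicit status so the release shows up in the todo output or is visibly ruled out.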

Added: active/CVE-2007-0958
===================================================================
--- active/CVE-2007-0958	2007-02-27 17:02:39 UTC (rev 708)
+++ active/CVE-2007-0958	2007-02-27 21:01:17 UTC (rev 709)
@@ -0,0 +1,19 @@
+Candidate: CVE-2007-0958
+References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 
+Description: 
+ Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable
+ binaries by using the interpreter (PT_INTERP) functionality and triggering
+ a core dump, a variant of CVE-2004-1073.
+Ubuntu-Description: 
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security: 
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
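Review bot: `upstream:` is empty although the Description states the issue is fixed in 2.6.20 and the CONFIRM reference points at ChangeLog-2.6.20, so record the fixed version there. The CONFIRM line also ends in a trailing space, which is worth stripping before it breaks a URL match. The Description limits the issue to 2.6.x, so if triage agrees, `2.4.27-sarge-security:` could carry `N/A` as it does in active/CVE-2007-0006 instead of staying blank.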

Modified: scripts/ubuntu-todo
===================================================================
--- scripts/ubuntu-todo	2007-02-27 17:02:39 UTC (rev 708)
+++ scripts/ubuntu-todo	2007-02-27 21:01:17 UTC (rev 709)
@@ -1,2 +1,2 @@
 #!/bin/sh -e
-egrep '(hoary|breezy|dapper|edgy).*(needed|pending)' *
+egrep '(hoary|breezy|dapper|edgy|feisty).*(needed|pending)' *
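Review bot: The pattern on the changed `egrep` line is unanchored, so it matches any line that mentions a release name followed by "needed" or "pending", including free text in Description or Notes fields, not only the `<version>-<release>...:` status lines. Anchoring it to the start of a status line would avoid false hits. The `*` glob also means the script only works when run from the directory holding the CVE files (it lives in scripts/, the entries are in active/); a comment or an explicit path would make that clear. Note that none of the files touched in this revision carries a feisty line after the change, so the new alternative has nothing to match in them.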



