[kernel-sec-discuss] r899 - active scripts

keescook-guest at alioth.debian.org
Wed Jul 18 22:56:01 UTC 2007


Author: keescook-guest
Date: 2007-07-18 22:56:01 +0000 (Wed, 18 Jul 2007)
New Revision: 899

Modified:
   active/CVE-2006-7203
   active/CVE-2007-0005
   active/CVE-2007-1000
   active/CVE-2007-1353
   active/CVE-2007-1861
   active/CVE-2007-2242
   active/CVE-2007-2453
   active/CVE-2007-2525
   active/CVE-2007-2875
   active/CVE-2007-2876
   active/CVE-2007-2878
   scripts/ubuntu-table
Log:
updating ubuntu releases, adding missing descriptions

Modified: active/CVE-2006-7203
===================================================================
--- active/CVE-2006-7203	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2006-7203	2007-07-18 22:56:01 UTC (rev 899)
@@ -6,9 +6,11 @@
  and earlier allows local users to cause a denial of service (NULL
  pointer dereference and oops) by mounting a smbfs file system in
  compatibility mode ("mount -t smbfs").
- jmm> Vulnerable code not present in 2.4.27
 Ubuntu-Description: 
+ The compat_sys_mount function allowed local users to cause a denial of
+ service when mounting a smbfs filesystem in compatibility mode.
 Notes: 
+ jmm> Vulnerable code not present in 2.4.27
 Bugs: 
 upstream: released (2.6.20, 2.6.18.6)
 linux-2.6: released (2.6.20-1)
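Review bot: the new Ubuntu-Description loses the failure mode that the upstream Description two lines above spells out (NULL pointer dereference and oops); "cause a denial of service" on its own does not tell an administrator that the outcome is a kernel crash, so say "crash the kernel (NULL pointer dereference)" in the Ubuntu text as well. Relocating the "jmm> Vulnerable code not present in 2.4.27" line from Description into Notes is correct, since that is tracker commentary rather than advisory text.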
@@ -16,5 +18,5 @@
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [compat_sys_mount-NULL-data_page.dpatch]
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
 2.6.20-feisty-security: N/A
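Review bot: only the edgy line flips to released here, while the dapper line two lines above still reads pending (2.6.15-28.56), and that same dapper version is pending in nearly every other file touched by this commit; if 2.6.15-28.56 has shipped too it should be flipped in the same commit, and if it has not, the log message "updating ubuntu releases" should say the update covers edgy only, so nobody reading the tracker assumes dapper was checked.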

Modified: active/CVE-2007-0005
===================================================================
--- active/CVE-2007-0005	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-0005	2007-07-18 22:56:01 UTC (rev 899)
@@ -16,5 +16,5 @@
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-1000
===================================================================
--- active/CVE-2007-1000	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-1000	2007-07-18 22:56:01 UTC (rev 899)
@@ -16,5 +16,5 @@
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-1353
===================================================================
--- active/CVE-2007-1353	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-1353	2007-07-18 22:56:01 UTC (rev 899)
@@ -22,5 +22,5 @@
 2.6.8-sarge-security: 
 2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
 2.6.20-feisty-security: released (2.6.20-16.29)

Modified: active/CVE-2007-1861
===================================================================
--- active/CVE-2007-1861	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-1861	2007-07-18 22:56:01 UTC (rev 899)
@@ -3,7 +3,13 @@
  Subject: [PATCH] infinite recursion in netlink
  Message-ID: <20070425183856.GA6028 at ms2.inr.ac.ru>
 Description: 
+ The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before
+ 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via
+ NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack
+ overflow.
 Ubuntu-Description: 
+ A flaw was discovered in the handling of netlink messages.  Local attackers
+ could cause infinite recursion leading to a denial of service.
 Notes: 
  jmm> Introduced in 2.6.13
 Bugs: 
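Review bot: the two new descriptions disagree on attacker scope: the Description says "allows attackers", the Ubuntu-Description says "Local attackers could". The trigger is a NETLINK_FIB_LOOKUP reply, which can only be delivered over a netlink socket on the same host, so local is the accurate scope; make the Description say "local attackers" too rather than leaving readers to reconcile the two. The Ubuntu-Description would also be more useful if it kept the concrete outcome from the Description (stack overflow and kernel panic) instead of the generic "denial of service".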
@@ -14,5 +20,5 @@
 2.4.27-sarge-security: N/A
 2.6.12-breezy-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-2242
===================================================================
--- active/CVE-2007-2242	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2242	2007-07-18 22:56:01 UTC (rev 899)
@@ -26,5 +26,5 @@
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: deferred (2.6.15-29.57)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
 2.6.20-feisty-security: released (2.6.20-16.28)
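Review bot: the dapper line above the flipped edgy entry is the only "deferred" state in this commit and carries version 2.6.15-29.57, which is neither the 2.6.15-28.56 nor the 2.6.15-28.57 that the other dapper entries in this commit are pending on; confirm 29.57 is the intended target and not a typo, because the scripts/ubuntu-table change in this same revision now counts deferred as needed, so this entry will be reported as outstanding work for dapper.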

Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2453	2007-07-18 22:56:01 UTC (rev 899)
@@ -4,6 +4,11 @@
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=602b6aeefe8932dd8bb15014e8fe6bb25d736361
  http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
 Description: 
+ The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x
+ before 2.6.21.4, (1) does not properly seed pools when there is no entropy,
+ or (2) uses an incorrect cast when extracting entropy, which might cause the
+ random number generator to provide the same values after reboots on systems
+ without an entropy source.
 Ubuntu-Description: 
  The random number generator was hashing a subset of the available
  entropy, leading to slightly less random numbers. Additionally, systems
@@ -17,5 +22,5 @@
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: pending (2.6.15-28.57)
-2.6.17-edgy-security: pending (2.6.17.1-11.39)
+2.6.17-edgy-security: released (2.6.17.1-11.39)
 2.6.20-feisty-security: released (2.6.20-16.29)
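Review bot: the edgy line is flipped to released without a commit id in brackets, unlike every other edgy entry in this commit, which records the Ubuntu git commit that carried the fix; add the hash so the release can be traced back to the actual change. Separately, the dapper line here reads pending (2.6.15-28.57) while the other files in this commit list dapper as pending (2.6.15-28.56); if both versions are real and this fix genuinely lands one upload later, fine, but if one is a typo it should be corrected now while the entries are being revisited.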

Modified: active/CVE-2007-2525
===================================================================
--- active/CVE-2007-2525	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2525	2007-07-18 22:56:01 UTC (rev 899)
@@ -6,6 +6,9 @@
  service (memory consumption) by creating a socket using connect, and
  releasing it before the PPPIOCGCHAN ioctl is initialized.
 Ubuntu-Description: 
+ A flaw was discovered in the PPP over Ethernet implementation.  Local
+ attackers could manipulate ioctls and cause kernel memory consumption
+ leading to a denial of service.
 Notes: 
  jmm> 202a03acf9994076055df40ae093a5c5474ad0bd
 Bugs: 
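Review bot: "could manipulate ioctls" in the new Ubuntu-Description is vaguer than the Description it summarizes and points in the wrong direction: per the lines above, the leak is a socket lifecycle bug, triggered by connecting a PPPoE socket and releasing it before the PPPIOCGCHAN ioctl has been issued, not a malformed ioctl argument. Suggest "Local attackers could release a PPPoE socket before the PPPIOCGCHAN ioctl is issued, causing kernel memory consumption and a denial of service."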
@@ -15,5 +18,5 @@
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch]
 2.4.27-sarge-security: needed
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
 2.6.20-feisty-security: pending (2.6.20-16.29) [168038c2da7f984a07fd169270b2cac561e1c90c]
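Review bot: the feisty line still reads pending (2.6.20-16.29), yet the same 2.6.20-16.29 version is recorded as released in the CVE-2007-1353 and CVE-2007-2453 entries earlier in this commit; a version cannot be both shipped and pending, so either flip the feisty entries for this CVE (and for CVE-2007-2875, CVE-2007-2876 and CVE-2007-2878, which show the same state) or correct the two files that claim it is out.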

Modified: active/CVE-2007-2875
===================================================================
--- active/CVE-2007-2875	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2875	2007-07-18 22:56:01 UTC (rev 899)
@@ -3,7 +3,14 @@
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=85badbdf5120d246ce2bb3f1a7689a805f9c9006
  http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
 Description: 
+ Integer underflow in the cpuset_tasks_read function in the Linux kernel
+ before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem
+ is mounted, allows local users to obtain kernel memory contents by using a
+ large offset when reading the /dev/cpuset/tasks file.
 Ubuntu-Description: 
+ An integer underflow was discovered in the cpuset filesystem.  If mounted,
+ local attackers could obtain kernel memory using large file offsets while
+ reading the tasks file. This could disclose sensitive data.
 Notes: 
  Use simple_read_from_buffer to avoid possible underflow in
  cpuset_tasks_read which could allow user to read kernel memory.
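Review bot: "If mounted, local attackers could obtain kernel memory" in the Ubuntu-Description reads as though the attacker does the mounting; the precondition is that the administrator has mounted the cpuset filesystem, after which an unprivileged user reading the tasks file with a large offset gets kernel memory. Suggest "On systems where the cpuset filesystem is mounted, local attackers could read kernel memory by using large file offsets on the tasks file." The closing sentence "This could disclose sensitive data" then repeats what "obtain kernel memory" already says and can be dropped.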
@@ -14,5 +21,5 @@
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
 2.6.20-feisty-security: pending (2.6.20-16.29) [b07fd0532409fb2332562abc2254376222d1e913]

Modified: active/CVE-2007-2876
===================================================================
--- active/CVE-2007-2876	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2876	2007-07-18 22:56:01 UTC (rev 899)
@@ -2,7 +2,15 @@
 References: 
  http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
 Description: 
+ The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2)
+ nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13,
+ and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of
+ service by causing certain invalid states that trigger a NULL pointer
+ dereference.
 Ubuntu-Description: 
+ Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
+ validate certain states.  A remote attacker could send a specially crafted
+ packet causing a denial of service.
 Notes: 
  When creating a new connection by sending an unknown chunk type, we
  don't transition to a valid state, causing a NULL pointer dereference in
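Review bot: "did not correctly validate certain states" in the Ubuntu-Description is less specific than the Notes two lines below, which give the actual trigger: a new connection opened with an unknown SCTP chunk type. Saying "A remote attacker could send an SCTP packet with an unknown chunk type" makes the advisory concrete, and since both affected functions live in the SCTP connection-tracking code, stating that only hosts with SCTP conntrack loaded are affected would let administrators decide quickly whether they are exposed.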
@@ -14,5 +22,5 @@
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
 2.6.20-feisty-security: pending (2.6.20-16.29) [b72e4ea43b03b980f6818a10050f2d65d347f36c]

Modified: active/CVE-2007-2878
===================================================================
--- active/CVE-2007-2878	2007-07-18 19:31:22 UTC (rev 898)
+++ active/CVE-2007-2878	2007-07-18 22:56:01 UTC (rev 899)
@@ -6,6 +6,9 @@
  on a 64-bit system, allow local users to corrupt a kernel_dirent struct
  and cause a denial of service (system crash) via unknown vectors.
 Ubuntu-Description: 
+ Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
+ systems.  A local attacker could corrupt a kernel_dirent struct and cause
+ a denial of service.
 Notes: 
  dannf> reproduced in etch using reproducer provided in the changeset
  dannf> backporting the fix only proved hazardous as there was some recent
@@ -20,5 +23,5 @@
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
 2.6.20-feisty-security: pending (2.6.20-16.29) [5825ab378271ac6ead26504a46b0d404b63592dc]

Modified: scripts/ubuntu-table
===================================================================
--- scripts/ubuntu-table	2007-07-18 19:31:22 UTC (rev 898)
+++ scripts/ubuntu-table	2007-07-18 22:56:01 UTC (rev 899)
@@ -30,7 +30,7 @@
     for rel in releases:
         if table[cve][rel] != 'N/A' and table[cve][rel] != 'released' and table[cve][rel] != '-unlisted-':
             ignore = 0
-        if table[cve][rel] == 'needed':
+        if table[cve][rel] == 'needed' or table[cve][rel] == 'deferred':
             needed = 1
         if table[cve][rel] == 'released':
             released = 1
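Review bot: the widened condition on the `needed = 1` line folds deferred into needed, so anything downstream that treats `needed` as "a fix still has to be written" can no longer tell a deliberately deferred entry (the dapper line of CVE-2007-2242 in this same commit) from one that is simply outstanding; if the table is meant to preserve that distinction, set a separate `deferred = 1` flag instead of reusing `needed`. The `ignore` test above needs no change for this, since deferred was already not in its N/A / released / -unlisted- list. Style: hoisting `state = table[cve][rel]` once per loop iteration and writing `if state in ('needed', 'deferred'):` and `if state not in ('N/A', 'released', '-unlisted-'):` would be easier to read than the chained `==`/`!=` comparisons and harder to get wrong the next time a state is added.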
