[kernel-sec-discuss] r900 - active
keescook-guest at alioth.debian.org
keescook-guest at alioth.debian.org
Thu Jul 19 14:10:28 UTC 2007
Author: keescook-guest
Date: 2007-07-19 14:10:28 +0000 (Thu, 19 Jul 2007)
New Revision: 900
Added:
active/CVE-2007-3380
Modified:
active/CVE-2006-4623
active/CVE-2006-7203
active/CVE-2007-0005
active/CVE-2007-1000
active/CVE-2007-1353
active/CVE-2007-1861
active/CVE-2007-2453
active/CVE-2007-2525
active/CVE-2007-2875
active/CVE-2007-2876
active/CVE-2007-2878
active/CVE-2007-3513
Log:
ubuntu dapper released, updated descriptions, added CVE-2007-3380 (still trying to find better references)
Modified: active/CVE-2006-4623
===================================================================
--- active/CVE-2006-4623 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2006-4623 2007-07-19 14:10:28 UTC (rev 900)
@@ -7,6 +7,8 @@
2.6.17.8 allows remote attackers to cause a denial of service (crash)
via an SNDU length of 0 in a ULE packet.
Ubuntu-Description:
+ A flaw was discovered in dvb ULE decapsulation. A remote attacker could
+ send a specially crafted message and cause a denial of service.
Notes:
mpitt> Questionable -- rather than fixing the kernel to not send out
invalid ULE packets, it should be fixed to not crash upon
@@ -24,6 +26,6 @@
2.6.18-etch-security: N/A
2.6.8-sarge-security: released (2.6.8-16sarge7) [dvb-core-handle-0-length-ule-sndu.dpatch]
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy: released (2.6.17.1-10.34)
2.6.20-feisty-security: N/A
Modified: active/CVE-2006-7203
===================================================================
--- active/CVE-2006-7203 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2006-7203 2007-07-19 14:10:28 UTC (rev 900)
@@ -17,6 +17,6 @@
2.6.18-etch-security: released (2.6.18.dfsg.1-9) [bugfix/2.6.18.6]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [compat_sys_mount-NULL-data_page.dpatch]
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
2.6.20-feisty-security: N/A
Modified: active/CVE-2007-0005
===================================================================
--- active/CVE-2007-0005 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-0005 2007-07-19 14:10:28 UTC (rev 900)
@@ -15,6 +15,6 @@
2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/cm4040-buffer-overflow.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
2.6.20-feisty-security: N/A
Modified: active/CVE-2007-1000
===================================================================
--- active/CVE-2007-1000 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1000 2007-07-19 14:10:28 UTC (rev 900)
@@ -15,6 +15,6 @@
2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
2.6.20-feisty-security: N/A
Modified: active/CVE-2007-1353
===================================================================
--- active/CVE-2007-1353 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1353 2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/bluetooth-l2cap-hci-info-leaks.patch]
2.6.8-sarge-security:
2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
2.6.20-feisty-security: released (2.6.20-16.29)
Modified: active/CVE-2007-1861
===================================================================
--- active/CVE-2007-1861 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1861 2007-07-19 14:10:28 UTC (rev 900)
@@ -19,6 +19,6 @@
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.12-breezy-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
2.6.20-feisty-security: N/A
Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2453 2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/random-fix-seeding-with-zero-entropy.patch, bugfix/random-fix-error-in-entropy-extraction.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-28.57)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39)
2.6.20-feisty-security: released (2.6.20-16.29)
Modified: active/CVE-2007-2525
===================================================================
--- active/CVE-2007-2525 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2525 2007-07-19 14:10:28 UTC (rev 900)
@@ -17,6 +17,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/pppoe-socket-release-mem-leak.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch]
2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
2.6.20-feisty-security: pending (2.6.20-16.29) [168038c2da7f984a07fd169270b2cac561e1c90c]
Modified: active/CVE-2007-2875
===================================================================
--- active/CVE-2007-2875 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2875 2007-07-19 14:10:28 UTC (rev 900)
@@ -20,6 +20,6 @@
2.6.18-etch-security:
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
2.6.20-feisty-security: pending (2.6.20-16.29) [b07fd0532409fb2332562abc2254376222d1e913]
Modified: active/CVE-2007-2876
===================================================================
--- active/CVE-2007-2876 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2876 2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_sctp-null-deref.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
2.6.20-feisty-security: pending (2.6.20-16.29) [b72e4ea43b03b980f6818a10050f2d65d347f36c]
Modified: active/CVE-2007-2878
===================================================================
--- active/CVE-2007-2878 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2878 2007-07-19 14:10:28 UTC (rev 900)
@@ -22,6 +22,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg1-13etch1) [bugfix/fat-fix-compat-ioctls.patch, bugfix/fat-move-ioctl-compat-code.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
2.6.20-feisty-security: pending (2.6.20-16.29) [5825ab378271ac6ead26504a46b0d404b63592dc]
Added: active/CVE-2007-3380
===================================================================
--- active/CVE-2007-3380 (rev 0)
+++ active/CVE-2007-3380 2007-07-19 14:10:28 UTC (rev 900)
@@ -0,0 +1,16 @@
+Candidate: CVE-2007-3380
+References:
+Description:
+Ubuntu-Description:
+ A flaw was discovered in the cluster manager. A remote attacker could
+ connect to the DLM port and block further DLM operations.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.15-dapper-security: released (2.6.15-28.57)
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: N/A
Modified: active/CVE-2007-3513
===================================================================
--- active/CVE-2007-3513 2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-3513 2007-07-19 14:10:28 UTC (rev 900)
@@ -5,6 +5,8 @@
before 2.6.22-rc7 does not limit the amount of memory used by a caller,
which allows local users to cause a denial of service (memory consumption).
Ubuntu-Description:
+ A flaw was discovered in the usblcd driver. A local attacker could cause
+ large amounts of kernel memory consumption, leading to a denial of service.
Notes:
Bugs:
upstream: released (2.6.22-rc7)
@@ -12,6 +14,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/usblcd-limit-memory-consumption.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security:
2.6.20-feisty-security:
More information about the kernel-sec-discuss
mailing list