[kernel-sec-discuss] r900 - active

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Thu Jul 19 14:10:28 UTC 2007 

Author: keescook-guest
Date: 2007-07-19 14:10:28 +0000 (Thu, 19 Jul 2007)
New Revision: 900

Added:
   active/CVE-2007-3380
Modified:
   active/CVE-2006-4623
   active/CVE-2006-7203
   active/CVE-2007-0005
   active/CVE-2007-1000
   active/CVE-2007-1353
   active/CVE-2007-1861
   active/CVE-2007-2453
   active/CVE-2007-2525
   active/CVE-2007-2875
   active/CVE-2007-2876
   active/CVE-2007-2878
   active/CVE-2007-3513
Log:
ubuntu dapper released, updated descriptions, added CVE-2007-3380 (still trying to find better references)

Modified: active/CVE-2006-4623
===================================================================
--- active/CVE-2006-4623	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2006-4623	2007-07-19 14:10:28 UTC (rev 900)
@@ -7,6 +7,8 @@
  2.6.17.8 allows remote attackers to cause a denial of service (crash)
  via an SNDU length of 0 in a ULE packet.
 Ubuntu-Description:
+ A flaw was discovered in dvb ULE decapsulation.  A remote attacker could
+ send a specially crafted message and cause a denial of service.
 Notes: 
  mpitt> Questionable -- rather than fixing the kernel to not send out
 	invalid ULE packets, it should be fixed to not crash upon
@@ -24,6 +26,6 @@
 2.6.18-etch-security: N/A
 2.6.8-sarge-security: released (2.6.8-16sarge7) [dvb-core-handle-0-length-ule-sndu.dpatch]
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy: released (2.6.17.1-10.34)
 2.6.20-feisty-security: N/A

Modified: active/CVE-2006-7203
===================================================================
--- active/CVE-2006-7203	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2006-7203	2007-07-19 14:10:28 UTC (rev 900)
@@ -17,6 +17,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-9) [bugfix/2.6.18.6]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [compat_sys_mount-NULL-data_page.dpatch]
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-0005
===================================================================
--- active/CVE-2007-0005	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-0005	2007-07-19 14:10:28 UTC (rev 900)
@@ -15,6 +15,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/cm4040-buffer-overflow.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-1000
===================================================================
--- active/CVE-2007-1000	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1000	2007-07-19 14:10:28 UTC (rev 900)
@@ -15,6 +15,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-1353
===================================================================
--- active/CVE-2007-1353	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1353	2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/bluetooth-l2cap-hci-info-leaks.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
 2.6.20-feisty-security: released (2.6.20-16.29)

Modified: active/CVE-2007-1861
===================================================================
--- active/CVE-2007-1861	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-1861	2007-07-19 14:10:28 UTC (rev 900)
@@ -19,6 +19,6 @@
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.6.12-breezy-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
 2.6.20-feisty-security: N/A

Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2453	2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/random-fix-seeding-with-zero-entropy.patch, bugfix/random-fix-error-in-entropy-extraction.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-28.57)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39)
 2.6.20-feisty-security: released (2.6.20-16.29)

Modified: active/CVE-2007-2525
===================================================================
--- active/CVE-2007-2525	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2525	2007-07-19 14:10:28 UTC (rev 900)
@@ -17,6 +17,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/pppoe-socket-release-mem-leak.patch]
 2.6.8-sarge-security: pending (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch]
 2.4.27-sarge-security: needed
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
 2.6.20-feisty-security: pending (2.6.20-16.29) [168038c2da7f984a07fd169270b2cac561e1c90c]

Modified: active/CVE-2007-2875
===================================================================
--- active/CVE-2007-2875	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2875	2007-07-19 14:10:28 UTC (rev 900)
@@ -20,6 +20,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
 2.6.20-feisty-security: pending (2.6.20-16.29) [b07fd0532409fb2332562abc2254376222d1e913]

Modified: active/CVE-2007-2876
===================================================================
--- active/CVE-2007-2876	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2876	2007-07-19 14:10:28 UTC (rev 900)
@@ -21,6 +21,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_sctp-null-deref.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
 2.6.20-feisty-security: pending (2.6.20-16.29) [b72e4ea43b03b980f6818a10050f2d65d347f36c]

Modified: active/CVE-2007-2878
===================================================================
--- active/CVE-2007-2878	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-2878	2007-07-19 14:10:28 UTC (rev 900)
@@ -22,6 +22,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg1-13etch1) [bugfix/fat-fix-compat-ioctls.patch, bugfix/fat-move-ioctl-compat-code.patch]
 2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
-2.6.15-dapper-security: pending (2.6.15-28.56)
+2.6.15-dapper-security: released (2.6.15-28.57)
 2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
 2.6.20-feisty-security: pending (2.6.20-16.29) [5825ab378271ac6ead26504a46b0d404b63592dc]

Added: active/CVE-2007-3380
===================================================================
--- active/CVE-2007-3380	                        (rev 0)
+++ active/CVE-2007-3380	2007-07-19 14:10:28 UTC (rev 900)
@@ -0,0 +1,16 @@
+Candidate: CVE-2007-3380
+References: 
+Description: 
+Ubuntu-Description: 
+ A flaw was discovered in the cluster manager.  A remote attacker could
+ connect to the DLM port and block further DLM operations.
+Notes: 
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.8-sarge-security: 
+2.4.27-sarge-security: 
+2.6.15-dapper-security: released (2.6.15-28.57)
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: N/A

Modified: active/CVE-2007-3513
===================================================================
--- active/CVE-2007-3513	2007-07-18 22:56:01 UTC (rev 899)
+++ active/CVE-2007-3513	2007-07-19 14:10:28 UTC (rev 900)
@@ -5,6 +5,8 @@
  before 2.6.22-rc7 does not limit the amount of memory used by a caller,
  which allows local users to cause a denial of service (memory consumption). 
 Ubuntu-Description: 
+ A flaw was discovered in the usblcd driver.  A local attacker could cause
+ large amounts of kernel memory consumption, leading to a denial of service.
 Notes: 
 Bugs: 
 upstream: released (2.6.22-rc7)
@@ -12,6 +14,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/usblcd-limit-memory-consumption.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security:  pending (2.6.15-28.56)
+2.6.15-dapper-security:  released (2.6.15-28.57)
 2.6.17-edgy-security: 
 2.6.20-feisty-security:

More information about the kernel-sec-discuss mailing list