[kernel-sec-discuss] r853 - active
keescook-guest at alioth.debian.org
keescook-guest at alioth.debian.org
Fri Jun 8 23:08:14 UTC 2007
Author: keescook-guest
Date: 2007-06-08 23:08:14 +0000 (Fri, 08 Jun 2007)
New Revision: 853
Modified:
active/CVE-2007-1353
active/CVE-2007-2451
active/CVE-2007-2453
Log:
ubuntu updates
Modified: active/CVE-2007-1353
===================================================================
--- active/CVE-2007-1353 2007-06-07 23:01:38 UTC (rev 852)
+++ active/CVE-2007-1353 2007-06-08 23:08:14 UTC (rev 853)
@@ -10,6 +10,9 @@
memory and obtain sensitive information via unspecified vectors involving the
copy_from_user function accessing an uninitialized stack buffer.
Ubuntu-Description:
+ Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
+ kernel memory contents via an uninitialized stack buffer. A local
+ attacker could exploit this flaw to view sensitive kernel information.
Notes:
Bugs:
upstream:
@@ -19,4 +22,4 @@
2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
2.6.15-dapper-security: needed
2.6.17-edgy-security: needed
-2.6.20-feisty-security: pending (linux-source-2.6.20-16.29)
+2.6.20-feisty-security: published (linux-source-2.6.20-16.29)
Modified: active/CVE-2007-2451
===================================================================
--- active/CVE-2007-2451 2007-06-07 23:01:38 UTC (rev 852)
+++ active/CVE-2007-2451 2007-06-08 23:08:14 UTC (rev 853)
@@ -2,7 +2,12 @@
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=761e784673d79c8ea9befdad31e30c65e0d20b82
Description:
+ Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in
+ the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive
+ information via unspecified vectors.
Ubuntu-Description:
+ The GEODE-AES driver did not correctly initialize the encryption key.
+ Any data encrypted using this type of device would be easily compromised.
Notes:
jmm> Vulnerable code was introduced after 2.6.19 release
Bugs:
@@ -13,4 +18,4 @@
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
-2.6.20-feisty-security: pending (linux-source-2.6.20-16.29)
+2.6.20-feisty-security: published (linux-source-2.6.20-16.29)
Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453 2007-06-07 23:01:38 UTC (rev 852)
+++ active/CVE-2007-2453 2007-06-08 23:08:14 UTC (rev 853)
@@ -4,6 +4,10 @@
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=602b6aeefe8932dd8bb15014e8fe6bb25d736361
Description:
Ubuntu-Description:
+ The random number generator was hashing a subset of the available
+ entropy, leading to slightly less random numbers. Additionally, systems
+ without an entropy source would be seeded with the same inputs at boot
+ time, leading to a repeatable series of random numbers.
Notes:
Bugs:
upstream:
@@ -13,4 +17,4 @@
2.4.27-sarge-security:
2.6.15-dapper-security: needed
2.6.17-edgy-security: needed
-2.6.20-feisty-security: pending (linux-source-2.6.20-16.29)
+2.6.20-feisty-security: published (linux-source-2.6.20-16.29)
More information about the kernel-sec-discuss
mailing list