[kernel-sec-discuss] r858 - active retired

jmm at alioth.debian.org jmm at alioth.debian.org
Mon Jun 18 20:50:10 UTC 2007 

Author: jmm
Date: 2007-06-18 20:50:10 +0000 (Mon, 18 Jun 2007)
New Revision: 858

Added:
   retired/CVE-2007-1496
Removed:
   active/CVE-2007-1496
Log:
retire CVE-2007-1496


Deleted: active/CVE-2007-1496
===================================================================
--- active/CVE-2007-1496	2007-06-18 20:49:37 UTC (rev 857)
+++ active/CVE-2007-1496	2007-06-18 20:50:10 UTC (rev 858)
@@ -1,24 +0,0 @@
-Candidate: CVE-2007-1496
-References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066
-Description: 
- nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows
- attackers to cause a denial of service (crash) via unspecified
- vectors involving the (1) nfulnl_recv_config function, (2) using
- "multiple packets per netlink message", and (3) bridged packets,
- which trigger a NULL pointer dereference.
-Ubuntu-Description: 
- A Denial of Service vulnerability was discovered in the
- nfnetlink_log() netfilter function. A remote attacker could exploit
- this to trigger a kernel crash.
-Notes: 
- dannf> file doesn't exist in 2.4.27/2.6.8
-Bugs: 
-upstream: released (2.6.20.3, 2.6.21)
-linux-2.6: released (2.6.20-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-12etch2) [bugfix/nfnetlink_log-null-deref.patch]
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: released (2.6.15-28.53)
-2.6.17-edgy-security: released (2.6.17.1-11.38)
-2.6.20-feisty-security: N/A

Copied: retired/CVE-2007-1496 (from rev 843, active/CVE-2007-1496)
===================================================================
--- retired/CVE-2007-1496	                        (rev 0)
+++ retired/CVE-2007-1496	2007-06-18 20:50:10 UTC (rev 858)
@@ -0,0 +1,24 @@
+Candidate: CVE-2007-1496
+References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066
+Description: 
+ nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows
+ attackers to cause a denial of service (crash) via unspecified
+ vectors involving the (1) nfulnl_recv_config function, (2) using
+ "multiple packets per netlink message", and (3) bridged packets,
+ which trigger a NULL pointer dereference.
+Ubuntu-Description: 
+ A Denial of Service vulnerability was discovered in the
+ nfnetlink_log() netfilter function. A remote attacker could exploit
+ this to trigger a kernel crash.
+Notes: 
+ dannf> file doesn't exist in 2.4.27/2.6.8
+Bugs: 
+upstream: released (2.6.20.3, 2.6.21)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-12etch2) [bugfix/nfnetlink_log-null-deref.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-28.53)
+2.6.17-edgy-security: released (2.6.17.1-11.38)
+2.6.20-feisty-security: N/A

More information about the kernel-sec-discuss mailing list