[kernel-sec-discuss] r964 - active

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Mon Sep 24 20:41:34 UTC 2007 

Author: keescook-guest
Date: 2007-09-24 20:41:34 +0000 (Mon, 24 Sep 2007)
New Revision: 964

Modified:
   active/CVE-2007-3731
   active/CVE-2007-3739
   active/CVE-2007-3740
   active/CVE-2007-4573
Log:
releasing ubuntu updates

Modified: active/CVE-2007-3731
===================================================================
--- active/CVE-2007-3731	2007-09-23 17:39:29 UTC (rev 963)
+++ active/CVE-2007-3731	2007-09-24 20:41:34 UTC (rev 964)
@@ -12,6 +12,9 @@
  requests, related to the TRACE_IRQS_ON function, and possibly related to the
  arch_ptrace function.
 Ubuntu-Description: 
+ Evan Teran discovered that the Linux kernel ptrace routines did not
+ correctly handle certain requests robustly.  Local attackers could
+ exploit this to crash the system, causing a denial of service.
 Notes: 
  dannf> Note that the description is somewhat misleading - I can reproduce
         on 2.6.18, so its not limited to 2.6.20 and 2.6.21
@@ -21,6 +24,6 @@
 2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch3) [bugfix/ptrace-handle-bogus-selector.patch, bugfix/fixup-trace_irq-breakage.patch]
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.59)
-2.6.17-edgy-security: pending (2.6.17.1-12.41 17fc2937158a31e501e7e0aae9e3951b9ca49a0a, cd01b60fda15bb9d76eecf9420c989c3248881f6)
-2.6.20-feisty-security: pending (2.6.20-16.32 6227bc5e0cc5f5993c51f05f77d4602d5602b888, 2d7bfc148eece4514edf175b7e75d7fa48555fa2)
+2.6.15-dapper-security: released (2.6.15-29.59)
+2.6.17-edgy-security: released (2.6.17.1-12.41 17fc2937158a31e501e7e0aae9e3951b9ca49a0a, cd01b60fda15bb9d76eecf9420c989c3248881f6)
+2.6.20-feisty-security: released (2.6.20-16.32 6227bc5e0cc5f5993c51f05f77d4602d5602b888, 2d7bfc148eece4514edf175b7e75d7fa48555fa2)

Modified: active/CVE-2007-3739
===================================================================
--- active/CVE-2007-3739	2007-09-23 17:39:29 UTC (rev 963)
+++ active/CVE-2007-3739	2007-09-24 20:41:34 UTC (rev 964)
@@ -7,6 +7,9 @@
  memory, which allows local users to cause a denial of service (OOPS)
  via unspecified vectors.
 Ubuntu-Description: 
+ It was discovered that hugetlb kernels on PowerPC systems did not prevent
+ the stack from colliding with reserved kernel memory.  Local attackers
+ could exploit this and crash the system, causing a denial of service.
 Notes: 
 Bugs: 
 upstream: 
@@ -14,6 +17,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.59)
-2.6.17-edgy-security: pending (2.6.17.1-12.41 ae30f170a8c2988179b2b34c7e562f57eb0556bc)
-2.6.20-feisty-security: pending (2.6.20-16.32 e84eef7bd84cb46ae573e21d4047fa2a65072294)
+2.6.15-dapper-security: released (2.6.15-29.59)
+2.6.17-edgy-security: released (2.6.17.1-12.41 ae30f170a8c2988179b2b34c7e562f57eb0556bc)
+2.6.20-feisty-security: released (2.6.20-16.32 e84eef7bd84cb46ae573e21d4047fa2a65072294)

Modified: active/CVE-2007-3740
===================================================================
--- active/CVE-2007-3740	2007-09-23 17:39:29 UTC (rev 963)
+++ active/CVE-2007-3740	2007-09-24 20:41:34 UTC (rev 964)
@@ -6,6 +6,9 @@
  not honor the umask of a process, which allows local users to gain
  privileges.
 Ubuntu-Description: 
+ It was discovered that certain CIFS filesystem actions did not honor the
+ umask of a process.  Local attackers could exploit this to gain additional
+ privileges.
 Notes: 
 Bugs: 
 upstream: 
@@ -13,6 +16,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.59)
-2.6.17-edgy-security: pending (2.6.17.1-12.41 79255d92e1277021fc1be8e72897fe6177ab9b67)
-2.6.20-feisty-security: pending (2.6.20-16.32 d01415424757d4573d6fb28e44858607dca80eaa)
+2.6.15-dapper-security: released (2.6.15-29.59)
+2.6.17-edgy-security: released (2.6.17.1-12.41 79255d92e1277021fc1be8e72897fe6177ab9b67)
+2.6.20-feisty-security: released (2.6.20-16.32 d01415424757d4573d6fb28e44858607dca80eaa)

Modified: active/CVE-2007-4573
===================================================================
--- active/CVE-2007-4573	2007-09-23 17:39:29 UTC (rev 963)
+++ active/CVE-2007-4573	2007-09-24 20:41:34 UTC (rev 964)
@@ -3,6 +3,9 @@
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=176df2457ef6207156ca1a40991c54ca01fef567
 Description: 
 Ubuntu-Description: 
+ Wojciech Purczynski discovered that the Linux kernel ia32 syscall
+ emulation in x86_64 kernels did not correctly clear the high bits of
+ registers.  Local attackers could exploit this to gain root privileges.
 Notes: 
 Bugs: 
 upstream: released (2.6.22.7)
@@ -10,6 +13,6 @@
 2.6.18-etch-security: 
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-29.59)
-2.6.17-edgy-security: pending (bac7adb35e5a3630511249b4f1bbdaff3b574455)
-2.6.20-feisty-security: pending (2.6.20-16.32 1145a8797aa4994275922e9fde299e7bb115edf0)
+2.6.15-dapper-security: released (2.6.15-29.59)
+2.6.17-edgy-security: released (2.6.17.1-12.41 bac7adb35e5a3630511249b4f1bbdaff3b574455)
+2.6.20-feisty-security: released (2.6.20-16.32 1145a8797aa4994275922e9fde299e7bb115edf0)

More information about the kernel-sec-discuss mailing list