[kernel-sec-discuss] r1271 - dsa-texts

micah at alioth.debian.org micah at alioth.debian.org
Wed Dec 3 17:23:21 UTC 2008 

Author: micah
Date: 2008-12-03 17:23:20 +0000 (Wed, 03 Dec 2008)
New Revision: 1271

Modified:
   dsa-texts/2.6.24-6~etchnhalf.7
Log:
fixed missing character, changed some words to reduce the redundancy
and justified the paragraphs


Modified: dsa-texts/2.6.24-6~etchnhalf.7
===================================================================
--- dsa-texts/2.6.24-6~etchnhalf.7	2008-12-02 21:49:06 UTC (rev 1270)
+++ dsa-texts/2.6.24-6~etchnhalf.7	2008-12-03 17:23:20 UTC (rev 1271)
@@ -14,25 +14,29 @@
 
 Several vulnerabilities have been discovered in the Linux kernel that
 may lead to a denial of service or privilege escalation. The Common
-Vulnerabilities and Exposures project identifies the following problems:
+Vulnerabilities and Exposures project identifies the following
+problems:
 
 CVE-2008-3528
 
-    Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems.
-    Local users who have been granted the privileges necessary to mount
-    a filesystem would be able to craft a corrupted filesystem that
-    causes the kernel to output error messages in an infinit loop.
+    Eugene Teo reported a local DoS issue in the ext2 and ext3
+    filesystems.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that causes the kernel to output error messages in an
+    infinite loop.
 
 CVE-2008-4554
 
     Milos Szeredi reported that the usage of splice() on files opened
-    with O_APPEND allows users to write to the file at arbitrary offsets,
-    allowing a bypass of possible assumed semantics of the O_APPEND flag.
+    with O_APPEND allows users to write to the file at arbitrary
+    offsets, enabling a bypass of possible assumed semantics of the
+    O_APPEND flag.
 
 CVE-2008-4576
 
-    Vlad Yasevich reported an issue in the SCTP subsystem that may allow
-    remote users to cause a local DoS by triggering a kernel oops.
+    Vlad Yasevich reported an issue in the SCTP subsystem that may
+    allow remote users to cause a local DoS by triggering a kernel
+    oops.
 
 CVE-2008-4618
 
@@ -41,36 +45,38 @@
 
 CVE-2008-4933
 
-    Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem.
-    Local users who have been granted the privileges necessary to mount
-    a filesystem would be able to craft a corrupted filesystem that
-    causes the kernel to overrun a buffer, resulting in a system oops or
-    memory corruption.
+    Eric Sesterhenn reported a local DoS issue in the hfsplus
+    filesystem.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that causes the kernel to overrun a buffer, resulting
+    in a system oops or memory corruption.
 
 CVE-2008-4934
 
-    Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem.
-    Local users who have been granted the privileges necessary to mount
-    a filesystem would be able to craft a corrupted filesystem that
-    results in a kernel oops.
+    Eric Sesterhenn reported a local DoS issue in the hfsplus
+    filesystem.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that results in a kernel oops.
 
 CVE-2008-5025
 
     Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
-    Local users who have been granted the privileges necessary to mount
-    a filesystem would be able to craft a filesystem with a corrupted
-    catalog name length, resulting in a system oops or memory corruption.
+    Local users who have been granted the privileges necessary to
+    mount a filesystem would be able to craft a filesystem with a
+    corrupted catalog name length, resulting in a system oops or
+    memory corruption.
 
 CVE-2008-5029
 
-    Andrea Bittau reported a DoS issue in the unix socket subsystem that
-    allows a local user to cause memory corruption, resulting in a kernel
-    panic.
+    Andrea Bittau reported a DoS issue in the unix socket subsystem
+    that allows a local user to cause memory corruption, resulting in
+    a kernel panic.
 
 CVE-2008-5134
 
-    Johannes Berg reported a remote DoS issue in the libertas wireless driver,
-    which can be caused by a specially crafted beacon/probe response.
+    Johannes Berg reported a remote DoS issue in the libertas wireless
+    driver, which can be triggered by a specially crafted beacon/probe
+    response.
 
 CVE-2008-5182
 
@@ -79,9 +85,10 @@
 
 CVE-2008-5300
 
-    dann frazier reported a DoS condition that allows local users to cause
-    the out of memory handler to kill off privileged processes or trigger
-    soft lockups due to a starvation issue in the unix socket subsystem.
+    Dann Frazier reported a DoS condition that allows local users to
+    cause the out of memory handler to kill off privileged processes
+    or trigger soft lockups due to a starvation issue in the unix
+    socket subsystem.
 
 For the stable distribution (etch), these problems have been fixed in
 version 2.6.24-6~etchnhalf.7.

More information about the kernel-sec-discuss mailing list