[kernel-sec-discuss] r1271 - dsa-texts
micah at alioth.debian.org
Wed Dec 3 17:23:21 UTC 2008
Author: micah
Date: 2008-12-03 17:23:20 +0000 (Wed, 03 Dec 2008)
New Revision: 1271
Modified:
dsa-texts/2.6.24-6~etchnhalf.7
Log:
fixed missing character, changed some words to reduce the redundancy
and justified the paragraphs
Modified: dsa-texts/2.6.24-6~etchnhalf.7
===================================================================
--- dsa-texts/2.6.24-6~etchnhalf.7 2008-12-02 21:49:06 UTC (rev 1270)
+++ dsa-texts/2.6.24-6~etchnhalf.7 2008-12-03 17:23:20 UTC (rev 1271)
@@ -14,25 +14,29 @@
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
-Vulnerabilities and Exposures project identifies the following problems:
+Vulnerabilities and Exposures project identifies the following
+problems:
CVE-2008-3528
- Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems.
- Local users who have been granted the privileges necessary to mount
- a filesystem would be able to craft a corrupted filesystem that
- causes the kernel to output error messages in an infinit loop.
+ Eugene Teo reported a local DoS issue in the ext2 and ext3
+ filesystems. Local users who have been granted the privileges
+ necessary to mount a filesystem would be able to craft a corrupted
+ filesystem that causes the kernel to output error messages in an
+ infinite loop.
CVE-2008-4554
Milos Szeredi reported that the usage of splice() on files opened
- with O_APPEND allows users to write to the file at arbitrary offsets,
- allowing a bypass of possible assumed semantics of the O_APPEND flag.
+ with O_APPEND allows users to write to the file at arbitrary
+ offsets, enabling a bypass of possible assumed semantics of the
+ O_APPEND flag.
CVE-2008-4576
- Vlad Yasevich reported an issue in the SCTP subsystem that may allow
- remote users to cause a local DoS by triggering a kernel oops.
+ Vlad Yasevich reported an issue in the SCTP subsystem that may
+ allow remote users to cause a local DoS by triggering a kernel
+ oops.
CVE-2008-4618
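Review bot: In the CVE-2008-4554 entry the rewrapped sentence still ends in "enabling a bypass of possible assumed semantics of the O_APPEND flag", which is hedged twice ("possible", "assumed") and leaves the reader unsure what is actually bypassed. The same sentence already says splice() allows writes at arbitrary offsets, so state the impact directly, for example "bypassing the append-only behaviour expected of files opened with O_APPEND". The CVE-2008-4576 entry has a similar clash: "remote users to cause a local DoS" reads as contradictory, and "allow remote users to cause a DoS by triggering a kernel oops" would be clearer.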
@@ -41,36 +45,38 @@
CVE-2008-4933
- Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem.
- Local users who have been granted the privileges necessary to mount
- a filesystem would be able to craft a corrupted filesystem that
- causes the kernel to overrun a buffer, resulting in a system oops or
- memory corruption.
+ Eric Sesterhenn reported a local DoS issue in the hfsplus
+ filesystem. Local users who have been granted the privileges
+ necessary to mount a filesystem would be able to craft a corrupted
+ filesystem that causes the kernel to overrun a buffer, resulting
+ in a system oops or memory corruption.
CVE-2008-4934
- Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem.
- Local users who have been granted the privileges necessary to mount
- a filesystem would be able to craft a corrupted filesystem that
- results in a kernel oops.
+ Eric Sesterhenn reported a local DoS issue in the hfsplus
+ filesystem. Local users who have been granted the privileges
+ necessary to mount a filesystem would be able to craft a corrupted
+ filesystem that results in a kernel oops.
CVE-2008-5025
Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
- Local users who have been granted the privileges necessary to mount
- a filesystem would be able to craft a filesystem with a corrupted
- catalog name length, resulting in a system oops or memory corruption.
+ Local users who have been granted the privileges necessary to
+ mount a filesystem would be able to craft a filesystem with a
+ corrupted catalog name length, resulting in a system oops or
+ memory corruption.
CVE-2008-5029
- Andrea Bittau reported a DoS issue in the unix socket subsystem that
- allows a local user to cause memory corruption, resulting in a kernel
- panic.
+ Andrea Bittau reported a DoS issue in the unix socket subsystem
+ that allows a local user to cause memory corruption, resulting in
+ a kernel panic.
CVE-2008-5134
- Johannes Berg reported a remote DoS issue in the libertas wireless driver,
- which can be caused by a specially crafted beacon/probe response.
+ Johannes Berg reported a remote DoS issue in the libertas wireless
+ driver, which can be triggered by a specially crafted beacon/probe
+ response.
CVE-2008-5182
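Review bot: The CVE-2008-4933 and CVE-2008-5025 entries are still introduced as "a local DoS issue" although their closing clauses describe a buffer overrun or "memory corruption", which undersells the impact in an advisory whose opening paragraph names privilege escalation alongside denial of service. Either drop "DoS" from the lead sentence of those two entries or say explicitly that only denial of service is known. The log mentions reducing redundancy, yet the sentence beginning "Local users who have been granted the privileges necessary to mount a filesystem" is still repeated in all three hfs/hfsplus entries; a single shared precondition line before them would shorten the text.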
@@ -79,9 +85,10 @@
CVE-2008-5300
- dann frazier reported a DoS condition that allows local users to cause
- the out of memory handler to kill off privileged processes or trigger
- soft lockups due to a starvation issue in the unix socket subsystem.
+ Dann Frazier reported a DoS condition that allows local users to
+ cause the out of memory handler to kill off privileged processes
+ or trigger soft lockups due to a starvation issue in the unix
+ socket subsystem.
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.7.
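Review bot: The reporter credit in the CVE-2008-5300 entry changes from "dann frazier" to "Dann Frazier", which the log message (missing character, wording, justification) does not cover; credits should follow the spelling the reporter uses, so confirm this or revert it. While touching the sentence, "out of memory handler" would read better hyphenated as "out-of-memory handler".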