[kernel-sec-discuss] r1283 - active

dannf at alioth.debian.org dannf at alioth.debian.org
Thu Dec 25 21:22:25 UTC 2008


Author: dannf
Date: 2008-12-25 21:22:24 +0000 (Thu, 25 Dec 2008)
New Revision: 1283

Added:
   active/CVE-2008-5702
   active/CVE-2008-5713
Log:
new issues

Copied: active/CVE-2008-5702 (from rev 1281, active/00boilerplate)
===================================================================
--- active/CVE-2008-5702	                        (rev 0)
+++ active/CVE-2008-5702	2008-12-25 21:22:24 UTC (rev 1283)
@@ -0,0 +1,27 @@
+Candidate: CVE-2008-5702
+Description:
+ Buffer underflow in the ibwdt_ioctl function in
+ drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1
+ might allow local users to have an unknown impact via a certain
+ /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
+References:
+ http://lkml.org/lkml/2008/10/5/173
+ http://openwall.com/lists/oss-security/2008/12/10/2
+ http://openwall.com/lists/oss-security/2008/12/17/6
+ http://openwall.com/lists/oss-security/2008/12/17/9
+ http://openwall.com/lists/oss-security/2008/12/17/20
+ http://bugzilla.kernel.org/show_bug.cgi?id=11399
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff
+Ubuntu-Description:
+Notes:
+ dannf> Not an issue for Debian by default due to /dev/watchdog perms
+Bugs:
+upstream: released (2.6.28-rc1) [7c2500f17d65092d93345f3996cf82ebca17e9ff]
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
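Review bot: The Notes entry says this is not an issue for Debian by default because of /dev/watchdog permissions, but the linux-2.6, etch and lenny status lines below it are all left empty, so the file still reads as unassessed for those branches. Either record a status on those lines that reflects the note, or extend the note to say which permissions are meant and whether a non-default configuration is still considered in scope. The Description also gives the impact only as "unknown", so a short note on who can open the device would help anyone triaging the Ubuntu branches, which have no note at all.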


Property changes on: active/CVE-2008-5702
___________________________________________________________________
Name: svn:mergeinfo
   + 

Copied: active/CVE-2008-5713 (from rev 1281, active/00boilerplate)
===================================================================
--- active/CVE-2008-5713	                        (rev 0)
+++ active/CVE-2008-5713	2008-12-25 21:22:24 UTC (rev 1283)
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-5713
+Description:
+ The __qdisc_run function in net/sched/sch_generic.c in the Linux
+ kernel before 2.6.25 on SMP machines allows local users to cause a
+ denial of service (soft lockup) by sending a large amount of network
+ traffic, as demonstrated by multiple simultaneous invocations of the
+ Netperf benchmark application in UDP_STREAM mode.
+References:
+ http://openwall.com/lists/oss-security/2008/12/23/1
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
+ https://bugzilla.redhat.com/show_bug.cgi?id=477744
+ https://bugzilla.redhat.com/attachment.cgi?id=327745
+ http://www.securityfocus.com/bid/32985
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.25-rc9) [2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0]
+linux-2.6: released (2.6.25-1)
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
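Review bot: The status lines are inconsistent with the stated fix version: upstream is "released (2.6.25-rc9)" and 2.6.26-lenny-security is marked N/A, yet 2.6.27-intrepid-security is left empty even though 2.6.27 is later than both. Mark it N/A as well, or add a note explaining why it needs separate triage. The branches older than 2.6.25 (2.6.15, 2.6.18, 2.6.22, 2.6.24) are left blank and Notes is empty; since the Description limits the issue to SMP machines and the References include a Red Hat attachment, a note on whether that fix is a backport candidate for those branches would make the entry actionable.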


Property changes on: active/CVE-2008-5713
___________________________________________________________________
Name: svn:mergeinfo
   + 



