[kernel-sec-discuss] r1123 - active
dannf at alioth.debian.org
Thu Feb 7 06:29:42 UTC 2008
Author: dannf
Date: 2008-02-07 06:29:42 +0000 (Thu, 07 Feb 2008)
New Revision: 1123
Modified:
active/CVE-2006-6058
active/CVE-2006-6060
active/CVE-2007-0004
active/CVE-2007-0958
active/CVE-2007-2453
active/CVE-2007-3731
active/CVE-2007-4308
active/CVE-2007-5093
active/CVE-2007-6694
Log:
more 2.4 updates
Modified: active/CVE-2006-6058
===================================================================
--- active/CVE-2006-6058 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2006-6058 2008-02-07 06:29:42 UTC (rev 1123)
@@ -29,8 +29,8 @@
upstream: released (2.6.23.7, 2.6.24-rc1) [f44ec6f3f89889a469773b1fd894f8fcc07c29cf]
linux-2.6: released (2.6.23-1) [bugfix/2.6.23.7.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch6) [bugfix/minixfs-printk-hang.patch]
-2.6.8-sarge-security: ignored
-2.4.27-sarge-security: needed
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "no printk_ratelimit in 2.4 - needs port"
2.6.15-dapper-security: pending (2.6.15-29.61)
2.6.17-edgy-security: released (2.6.17.1-12.42)
2.6.20-feisty-security: released (2.6.20-16.33)
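Review bot: the 2.6.8-sarge-security line flips from ignored to needed with no note explaining it, while the log only says "more 2.4 updates"; if the two statuses were transposed in an earlier revision, say so in Notes. The new 2.4.27 reason "no printk_ratelimit in 2.4 - needs port" also reads as outstanding work, which sits oddly with ignored; state whether a port is planned or the issue is being left unfixed in 2.4.27.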
Modified: active/CVE-2006-6060
===================================================================
--- active/CVE-2006-6060 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2006-6060 2008-02-07 06:29:42 UTC (rev 1123)
@@ -10,15 +10,25 @@
Notes:
fixed by patch for CVE-2006-5757 since the bug is in the common
__find_get_block_slow() function.
+ dannf> reproducer at http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
dannf> I mounted the reproducer fs on an ia64/2.4.27 system and though
- dannf> it didn't cause an infinite loop, the system did lock up hard
+ it didn't cause an infinite loop, the system did lock up hard
jmm> e5657933863f43cc6bb76a54d659303dafaa9e58 in Linus git
+ dannf> The reproducer causes i386/2.4.36 to oops; but if this patch is
+ backported and applied it will print:
+ NTFS: Problem with runlist in extended record
+ ... and then oops.
+ So, I'm guessing this patch makes things better, but I don't think
+ its worth the risk of applying it unless the other oops gets fixed
+ as well.
+ dannf> Unpatched 2.4.27 oopses and prints the same runlist message that
+ patched 2.4.36 prints
Bugs:
upstream: released (2.6.19)
linux-2.6: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.18-etch-security: released (2.6.18.dfsg.1-10) [2.6.16.38]
2.6.8-sarge-security: released (2.6.8-16sarge7) [__find_get_block_slow-race.dpatch]
-2.4.27-sarge-security:
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "Fixes an oops, only to hit another oops"
2.6.15-dapper-security: N/A - fixed in CVE-2006-5757
2.6.17-edgy-security: N/A - already applied.
2.6.20-feisty-security: N/A
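Review bot: the ignored status on the 2.4.27-sarge-security line rests on a backport that the added notes describe only on i386/2.4.36, while 2.4.27 is reported unpatched. Record whether the backport was tried on 2.4.27 itself, and add a pointer to wherever the remaining oops is tracked so this entry can be revisited if that one gets fixed. Small wording fix in the new note: "its worth" should be "it's worth".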
Modified: active/CVE-2007-0004
===================================================================
--- active/CVE-2007-0004 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-0004 2008-02-07 06:29:42 UTC (rev 1123)
@@ -13,13 +13,15 @@
Ubuntu-Description:
Notes:
dannf> Don't know that this bug every affected upstream, but looks like we
- dannf> may have introduced it into 2.4.27 w/ 084_ea_acl-2.diff
+ may have introduced it into 2.4.27 w/ 084_ea_acl-2.diff
+ dannf> Unknown security implications (though certainly a bug), and RHEL3
+ never included the patch in their bugzilla, so ignoring
Bugs:
upstream: N/A
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
-2.4.27-sarge-security:
+2.4.27-sarge-security: ignored (2.4.27-10sarge6)
2.6.15-dapper-security:
2.6.17-edgy-security:
2.6.20-feisty-security:
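Review bot: the new 2.4.27-sarge-security status carries no quoted reason, unlike the other ignored entries in this revision; put the gist of the added note on the status line so the decision is visible without reading Notes. The phrase "RHEL3 never included the patch in their bugzilla" is ambiguous (never shipped the patch, or never had a bug filed for it) and is worth rewording, since it is half of the justification for ignoring.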
Modified: active/CVE-2007-0958
===================================================================
--- active/CVE-2007-0958 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-0958 2008-02-07 06:29:42 UTC (rev 1123)
@@ -8,11 +8,14 @@
a core dump, a variant of CVE-2004-1073.
Ubuntu-Description:
Notes:
+ dannf> Red Hat's 2.4 isn't vulnerable; Willy Tarreau asked the reporter
+ for a reproducer in 2007.02. I sent Willy an e-mail on 2008.02.06
+ to see if he ever heard back. Until then, I'll assume 2.4 is ok.
Bugs:
upstream: released (2.6.20)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/core-dump-unreadable-PT_INTERP.patch]
2.6.8-sarge-security: released (2.6.8-16sarge7) [core-dump-unreadable-PT_INTERP.dpatch]
-2.4.27-sarge-security:
+2.4.27-sarge-security: ignored (2.4.27-10sarge6) "poked upstream on 2008.02.06"
2.6.15-dapper-security: released (2.6.15-28.53)
2.6.17-edgy-security: released (2.6.17.1-11.37)
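Review bot: ignored on the 2.4.27-sarge-security line reads as a final decision, but the added note says the question to upstream is still open ("Until then, I'll assume 2.4 is ok"). Say in the status reason that the entry is to be revisited when Willy replies, and note what "Red Hat's 2.4 isn't vulnerable" is based on, since that is the only evidence given for 2.4 being unaffected.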
Modified: active/CVE-2007-2453
===================================================================
--- active/CVE-2007-2453 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-2453 2008-02-07 06:29:42 UTC (rev 1123)
@@ -15,6 +15,7 @@
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers.
Notes:
+ dannf> started a thread on vendor-sec about a fix for 2.4 (2008.02.06)
Bugs:
upstream: released (2.6.21.4)
linux-2.6: released (2.6.21-5)
Modified: active/CVE-2007-3731
===================================================================
--- active/CVE-2007-3731 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-3731 2008-02-07 06:29:42 UTC (rev 1123)
@@ -19,12 +19,13 @@
dannf> Note that the description is somewhat misleading - I can reproduce
on 2.6.18, so its not limited to 2.6.20 and 2.6.21
jmm> a10d9a71bafd3a283da240d2868e71346d2aef6f
+ dannf> reproducer in http://bugzilla.kernel.org/show_bug.cgi?id=8765
Bugs:
upstream: released (2.6.23-rc1)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/ptrace-handle-bogus-selector.patch, bugfix/fixup-trace_irq-breakage.patch]
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: N/A "cannot reproduce in 2.4"
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 17fc2937158a31e501e7e0aae9e3951b9ca49a0a, cd01b60fda15bb9d76eecf9420c989c3248881f6)
2.6.20-feisty-security: released (2.6.20-16.32 6227bc5e0cc5f5993c51f05f77d4602d5602b888, 2d7bfc148eece4514edf175b7e75d7fa48555fa2)
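Review bot: N/A "cannot reproduce in 2.4" on the 2.4.27-sarge-security line is based on a failed reproduction alone, and the existing note in this hunk already says the published description understates the affected versions. Record which 2.4 kernel and architecture the reproducer from the bugzilla entry was run on, and whether the code touched by the fix jmm cites is present in 2.4.27, before settling on N/A. The 2.6.8-sarge-security line is still blank.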
Modified: active/CVE-2007-4308
===================================================================
--- active/CVE-2007-4308 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-4308 2008-02-07 06:29:42 UTC (rev 1123)
@@ -19,7 +19,7 @@
linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch]
2.6.8-sarge-security: pending (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch]
-2.4.27-sarge-security: needed "backported, needs to be sent to willy"
+2.4.27-sarge-security: needed "backport sent to upstream 2008.02.03"
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-12.40)
2.6.20-feisty-security: released (2.6.20-16.31)
Modified: active/CVE-2007-5093
===================================================================
--- active/CVE-2007-5093 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-5093 2008-02-07 06:29:42 UTC (rev 1123)
@@ -22,13 +22,13 @@
unsafely, the kernel could hang or consume CPU resources, leading to
a denial of service.
Notes:
- kees> debug regression was fixed in http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=a3a066bffd7754e6d40c48972e698352f6cd6c4e
+ kees> debug regression was fixed in http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=a3a066bffd7754e6d40c48972e698352f6cd6ce4
Bugs:
upstream: released (2.6.22.6)
linux-2.6: released (2.6.23-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
2.6.8-sarge-security:
-2.4.27-sarge-security: needed (2.4.17-10sarge6) [258_usb-pwc-disconnect-block.diff] "backported; need to check applicability of changeset in kees' note and send to willy"
+2.4.27-sarge-security: needed (2.4.17-10sarge6) [258_usb-pwc-disconnect-block.diff] "backport sent to upstream (Willy Tarreau) on 2008.02.06"
2.6.15-dapper-security: pending (2.6.15-29.61)
2.6.17-edgy-security: released (2.6.17.1-12.42)
2.6.20-feisty-security: released (2.6.20-16.33)
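Review bot: the commit hash in kees' note changes only in its last three characters (c4e to ce4) with no explanation; confirm the new value is the one that resolves, since a transposed character leaves a dead link. On the 2.4.27-sarge-security line, the version (2.4.17-10sarge6) differs from the 2.4.27-10sarge6 used by the other entries in this revision and looks like a typo carried over from the old line. The old reason also said the changeset in kees' note still needed an applicability check; the new reason drops that without saying whether the check was done.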
Modified: active/CVE-2007-6694
===================================================================
--- active/CVE-2007-6694 2008-02-07 01:15:49 UTC (rev 1122)
+++ active/CVE-2007-6694 2008-02-07 06:29:42 UTC (rev 1123)
@@ -16,7 +16,7 @@
linux-2.6:
2.6.18-etch-security:
2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.4.27-sarge-security: needed "forwarded to Willy Tarreau on 2008.02.06"
2.6.15-dapper-security:
2.6.17-edgy-security:
2.6.20-feisty-security: