[kernel-sec-discuss] r1140 - active retired

jmm at alioth.debian.org
Fri Feb 22 21:53:06 UTC 2008


Author: jmm
Date: 2008-02-22 21:53:05 +0000 (Fri, 22 Feb 2008)
New Revision: 1140

Added:
   retired/CVE-2004-2731
   retired/CVE-2006-4814
   retired/CVE-2006-5753
   retired/CVE-2006-6053
   retired/CVE-2006-6106
   retired/CVE-2007-1592
   retired/CVE-2007-4311
Removed:
   active/CVE-2004-2731
   active/CVE-2006-4814
   active/CVE-2006-5753
   active/CVE-2006-6053
   active/CVE-2006-6106
   active/CVE-2007-1592
   active/CVE-2007-4311
Log:
retire some issues


Deleted: active/CVE-2004-2731
===================================================================
--- active/CVE-2004-2731	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2004-2731	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,31 +0,0 @@
-Candidate: CVE-2004-2731
-References: 
- http://www.securityfocus.com/bid/10632
- http://securitytracker.com/id?1010617
- http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=996bad4803a2ebfebe7b27a431fbcae591f7d199
- http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=a545dd4118eba7242bb390a76b2a1bb3dce0430e
- http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=6ab2cfa4f0a04c11932af701b5437879dd14d8bb
- http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=090a4d5713b462e039e2896ac8092769c42ea742
-Description: 
- Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
- for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
- later versions, allow local users to execute arbitrary code by specifying (1)
- a small buffer size to the copyin_string function or (2) a negative buffer
- size to the copyin function.
-Ubuntu-Description: 
-Notes: 
- dannf> This appears to have been fixed in 2.5, but 2.4 is still
- dannf> vulnerable to the second part. I've sent patches to
- dannf> willy/davem for 2.4 consideration
- dannf>
- dannf> Patches have been accepted, see References section
-Bugs: 
-upstream: released (2.5.33), released (2.4.35.4)
-linux-2.6: N/A
-2.6.18-etch-security: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-10sarge6) [249_openpromfs-signedness-bug.diff, 250_openpromfs-checks-1.diff, 251_openpromfs-checks-2.diff, 252_openpromfs-checks-3.diff]
-2.6.15-dapper-security: N/A
-2.6.17-edgy-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A

Deleted: active/CVE-2006-4814
===================================================================
--- active/CVE-2006-4814	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2006-4814	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-4814
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2f77d107050abc14bc393b34bdb7b91cf670c250
-Description: 
- The mincore function in the Linux kernel before 2.4.33.6 does not
- properly lock access to user space, which has unspecified impact and
- attack vectors, possibly related to a deadlock.
-Ubuntu-Description: 
- Doug Chapman discovered an improper lock handling in the mincore()
- function. A local attacker could exploit this to cause an eternal
- hang in the kernel, rendering the machine unusable.
-Notes: 
-Bugs: 
-upstream: released (2.6.20-rc2), released (2.4.34-rc3)
-linux-2.6: released (2.6.18.dfsg.1-9)
-2.6.18-etch-security: released (2.6.18.dfsg.1-9)
-2.6.8-sarge-security: released (2.6.8-16sarge7) [mincore_hang.dpatch, mincore-fixes.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge6) [239_mincore-hang.diff]
-2.6.12-breezy-security: released (2.6.12-10.43)
-2.6.15-dapper-security: released (2.6.15-28.51)
-2.6.17-edgy-security: released (2.6.17.1-11.35)

Deleted: active/CVE-2006-5753
===================================================================
--- active/CVE-2006-5753	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2006-5753	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,25 +0,0 @@
-Candidate: CVE-2006-5753
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8
-Description: 
- The listxattr syscall can corrupt user space under certain
- circumstances. The problem seems to be related to signed/unsigned
- conversion during size promotion. The function return_EIO returns an
- int but its used as a ssize_t with a comparison to 0. This causes the
- range check to fail and copy_to_user copies way too much.
- The command line "fsfuzz iso9660" can easily reproduce this behavior.
-Ubuntu-Description: 
- Various syscalls (like listxattr()) misinterpreted the return value
- of return_EIO() when encountering bad inodes. By issuing particular
- system calls on a malformed file system, a local attacker could
- exploit this to crash the kernel. 
-Notes: 
-Bugs: 
-upstream: released (2.6.20-rc5)
-linux-2.6: released (2.6.20-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-13) [bugfix/listxattr-mem-corruption.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge7) [listxattr-mem-corruption.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge6) [261_listxattr-mem-corruption.diff]
-2.6.12-breezy-security: released (2.6.12-10.43)
-2.6.15-dapper-security: released (2.6.15-28.51)
-2.6.17-edgy-security: released (2.6.17.1-11.35)

Deleted: active/CVE-2006-6053
===================================================================
--- active/CVE-2006-6053	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2006-6053	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,22 +0,0 @@
-Candidate: CVE-2006-6053
-References: 
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=40b851348fe9bf49c26025b34261d25142269b60
- MISC:http://projects.info-pull.com/mokb/MOKB-10-11-2006.html
-Description: 
- The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause
- a denial of service (crash) via an ext3 stream with malformed data structures.
-Ubuntu-Description: 
- The ext3 file system driver did not properly handle corrupted data
- structures. By mounting a specially crafted ext3 file system, a local
- attacker could exploit this to crash the kernel.
-Notes: 
- dannf> only the dir.c bit applies to 2.4
-Bugs: 
-upstream: released (2.6.20-rc5)
-linux-2.6: released (2.6.20-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.16.38]
-2.6.8-sarge-security: released (2.6.8-16sarge7) [ext3-fsfuzz.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge6) [242_ext3-fsfuzz.diff]
-2.6.12-breezy-security: released (2.6.12-10.43)
-2.6.15-dapper-security: released (2.6.15-28.51)
-2.6.17-edgy-security: released (2.6.17.1-11.35)

Deleted: active/CVE-2006-6106
===================================================================
--- active/CVE-2006-6106	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2006-6106	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,25 +0,0 @@
-Candidate: CVE-2006-6106
-References:
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f4777569204cb59f2f04fbe9ef4e9a6918209104
-Description: 
- Multiple buffer overflows in the cmtp_recv_interopmsg function in the
- Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel
- 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow
- remote attackers to cause a denial of service (crash) and possibly
- execute arbitrary code via CAPI messages with a large value for the
- length of the (1) manu (manufacturer) or (2) serial (serial number)
- field.
-Ubuntu-Description: 
- Marcel Holtman discovered several buffer overflows in the Bluetooth
- driver. By sending Bluetooth packets with specially crafted CAPI
- messages, a remote attacker could exploit these to crash the kernel.
-Notes: 
-Bugs: 
-upstream: released (2.4.33.5), released (2.6.18.6)
-linux-2.6: released (2.6.18.dfsg.1-9) [2.6.18.6]
-2.6.18-etch-security: released (2.6.18.dfsg.1-9) [2.6.18.6]
-2.6.8-sarge-security: released (2.6.8-16sarge7) [bluetooth-capi-size-checks.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge6) [241_bluetooth-capi-size-checks.diff]
-2.6.12-breezy-security: released (2.6.12-10.43)
-2.6.15-dapper-security: released (2.6.15-28.51)
-2.6.17-edgy-security: released (2.6.17.1-11.35)

Deleted: active/CVE-2007-1592
===================================================================
--- active/CVE-2007-1592	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2007-1592	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,23 +0,0 @@
-Candidate: CVE-2007-1592
-References: 
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d35690beda1429544d46c8eb34b2e3a8c37ab299
-Description: 
- net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3
- inadvertently copies the ipv6_fl_socklist from a listening TCP socket
- to child sockets, which allows local users to cause a denial of
- service (OOPS) or double-free by opening a listening IPv6 socket,
- attaching a flow label, and connecting to that socket.
-Ubuntu-Description: 
- Masayuki Nakagawa discovered an error in the flowlabel handling of
- IPv6 network sockets. A local attacker could exploit this to crash
- the kernel.
-Notes: 
-Bugs: 
-upstream: released (2.6.20.4, 2.6.21-rc5)
-linux-2.6: released (2.6.20-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/ipv6_fl_socklist-no-share.patch]
-2.6.8-sarge-security: released (2.6.8-16sarge7) [ipv6_fl_socklist-no-share.dpatch]
-2.4.27-sarge-security: released (2.4.27-10sarge6) [243_ipv6_fl_socklist-no-share.diff]
-2.6.15-dapper-security: released (2.6.15-28.54)
-2.6.17-edgy-security: released (2.6.17.1-11.38)
-2.6.20-feisty-security: released (2.6.20-16.28)

Deleted: active/CVE-2007-4311
===================================================================
--- active/CVE-2007-4311	2008-02-22 21:48:26 UTC (rev 1139)
+++ active/CVE-2007-4311	2008-02-22 21:53:05 UTC (rev 1140)
@@ -1,19 +0,0 @@
-Candidate: CVE-2007-4311
-References: 
- http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commitdiff_plain;h=66438bd5651e892bc485c32762f7ce75637b686b
-Description: 
-Ubuntu-Description: 
-Notes: 
- dannf> The reporter noted that this is fixed in current 2.6's. It does
- dannf> appear that way in Debian's 2.6.8 and 2.6.18, but the code that
- dannf> solves it is quite a bit different in both. I wouldn't necessarily
- dannf> assume that kernels between 2.6.8 & 2.6.18 are invulnerable.
-Bugs: 
-upstream: released (2.4.35-rc1)
-linux-2.6: N/A
-2.6.18-etch-security: N/A
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: released (2.4.27-10sarge6) [248_random-reseed-sizeof-fix.diff]
-2.6.15-dapper-security: N/A
-2.6.17-edgy-security: N/A
-2.6.20-feisty-security: N/A

Copied: retired/CVE-2004-2731 (from rev 1139, active/CVE-2004-2731)
===================================================================
--- retired/CVE-2004-2731	                        (rev 0)
+++ retired/CVE-2004-2731	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,31 @@
+Candidate: CVE-2004-2731
+References: 
+ http://www.securityfocus.com/bid/10632
+ http://securitytracker.com/id?1010617
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=996bad4803a2ebfebe7b27a431fbcae591f7d199
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=a545dd4118eba7242bb390a76b2a1bb3dce0430e
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=6ab2cfa4f0a04c11932af701b5437879dd14d8bb
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commit;h=090a4d5713b462e039e2896ac8092769c42ea742
+Description: 
+ Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c)
+ for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly
+ later versions, allow local users to execute arbitrary code by specifying (1)
+ a small buffer size to the copyin_string function or (2) a negative buffer
+ size to the copyin function.
+Ubuntu-Description: 
+Notes: 
+ dannf> This appears to have been fixed in 2.5, but 2.4 is still
+ dannf> vulnerable to the second part. I've sent patches to
+ dannf> willy/davem for 2.4 consideration
+ dannf>
+ dannf> Patches have been accepted, see References section
+Bugs: 
+upstream: released (2.5.33), released (2.4.35.4)
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge6) [249_openpromfs-signedness-bug.diff, 250_openpromfs-checks-1.diff, 251_openpromfs-checks-2.diff, 252_openpromfs-checks-3.diff]
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A

Copied: retired/CVE-2006-4814 (from rev 1139, active/CVE-2006-4814)
===================================================================
--- retired/CVE-2006-4814	                        (rev 0)
+++ retired/CVE-2006-4814	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,21 @@
+Candidate: CVE-2006-4814
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2f77d107050abc14bc393b34bdb7b91cf670c250
+Description: 
+ The mincore function in the Linux kernel before 2.4.33.6 does not
+ properly lock access to user space, which has unspecified impact and
+ attack vectors, possibly related to a deadlock.
+Ubuntu-Description: 
+ Doug Chapman discovered an improper lock handling in the mincore()
+ function. A local attacker could exploit this to cause an eternal
+ hang in the kernel, rendering the machine unusable.
+Notes: 
+Bugs: 
+upstream: released (2.6.20-rc2), released (2.4.34-rc3)
+linux-2.6: released (2.6.18.dfsg.1-9)
+2.6.18-etch-security: released (2.6.18.dfsg.1-9)
+2.6.8-sarge-security: released (2.6.8-16sarge7) [mincore_hang.dpatch, mincore-fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [239_mincore-hang.diff]
+2.6.12-breezy-security: released (2.6.12-10.43)
+2.6.15-dapper-security: released (2.6.15-28.51)
+2.6.17-edgy-security: released (2.6.17.1-11.35)
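
Review bot: The status list at the end of this file stops at 2.6.17-edgy-security and has no 2.6.20-feisty-security or 2.6.22-gutsy-security lines, unlike retired/CVE-2004-2731 in this same revision. With upstream listed as released (2.6.20-rc2) both are presumably covered, but it is worth adding the two lines before the file is retired so the record is explicit. The retired CVE-2006-5753, CVE-2006-6053 and CVE-2006-6106 files end at edgy in the same way. Separately, the Description says "before 2.4.33.6" while the upstream line gives 2.4.34-rc3 for the 2.4 fix; a one-line entry under Notes reconciling the two would help later readers.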

Copied: retired/CVE-2006-5753 (from rev 1139, active/CVE-2006-5753)
===================================================================
--- retired/CVE-2006-5753	                        (rev 0)
+++ retired/CVE-2006-5753	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-5753
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8
+Description: 
+ The listxattr syscall can corrupt user space under certain
+ circumstances. The problem seems to be related to signed/unsigned
+ conversion during size promotion. The function return_EIO returns an
+ int but its used as a ssize_t with a comparison to 0. This causes the
+ range check to fail and copy_to_user copies way too much.
+ The command line "fsfuzz iso9660" can easily reproduce this behavior.
+Ubuntu-Description: 
+ Various syscalls (like listxattr()) misinterpreted the return value
+ of return_EIO() when encountering bad inodes. By issuing particular
+ system calls on a malformed file system, a local attacker could
+ exploit this to crash the kernel. 
+Notes: 
+Bugs: 
+upstream: released (2.6.20-rc5)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13) [bugfix/listxattr-mem-corruption.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge7) [listxattr-mem-corruption.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [261_listxattr-mem-corruption.diff]
+2.6.12-breezy-security: released (2.6.12-10.43)
+2.6.15-dapper-security: released (2.6.15-28.51)
+2.6.17-edgy-security: released (2.6.17.1-11.35)

Copied: retired/CVE-2006-6053 (from rev 1139, active/CVE-2006-6053)
===================================================================
--- retired/CVE-2006-6053	                        (rev 0)
+++ retired/CVE-2006-6053	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-6053
+References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=40b851348fe9bf49c26025b34261d25142269b60
+ MISC:http://projects.info-pull.com/mokb/MOKB-10-11-2006.html
+Description: 
+ The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause
+ a denial of service (crash) via an ext3 stream with malformed data structures.
+Ubuntu-Description: 
+ The ext3 file system driver did not properly handle corrupted data
+ structures. By mounting a specially crafted ext3 file system, a local
+ attacker could exploit this to crash the kernel.
+Notes: 
+ dannf> only the dir.c bit applies to 2.4
+Bugs: 
+upstream: released (2.6.20-rc5)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-10) [bugfix/2.6.16.38]
+2.6.8-sarge-security: released (2.6.8-16sarge7) [ext3-fsfuzz.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [242_ext3-fsfuzz.diff]
+2.6.12-breezy-security: released (2.6.12-10.43)
+2.6.15-dapper-security: released (2.6.15-28.51)
+2.6.17-edgy-security: released (2.6.17.1-11.35)
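
Review bot: The 2.6.18-etch-security line cites "[bugfix/2.6.16.38]", which names a 2.6.16 stable roll-up rather than an individual patch, while the sarge lines name the specific file (ext3-fsfuzz.dpatch, 242_ext3-fsfuzz.diff). Consider adding a Notes entry saying which change inside that roll-up carries the ext3 fix, so the etch status can be verified without reading the whole stable patch. The Description also limits the issue to "Linux kernel 2.6.x" although a 2.4.27 fix is listed; the dannf note covers this, but only implicitly.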

Copied: retired/CVE-2006-6106 (from rev 1139, active/CVE-2006-6106)
===================================================================
--- retired/CVE-2006-6106	                        (rev 0)
+++ retired/CVE-2006-6106	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,25 @@
+Candidate: CVE-2006-6106
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f4777569204cb59f2f04fbe9ef4e9a6918209104
+Description: 
+ Multiple buffer overflows in the cmtp_recv_interopmsg function in the
+ Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel
+ 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow
+ remote attackers to cause a denial of service (crash) and possibly
+ execute arbitrary code via CAPI messages with a large value for the
+ length of the (1) manu (manufacturer) or (2) serial (serial number)
+ field.
+Ubuntu-Description: 
+ Marcel Holtman discovered several buffer overflows in the Bluetooth
+ driver. By sending Bluetooth packets with specially crafted CAPI
+ messages, a remote attacker could exploit these to crash the kernel.
+Notes: 
+Bugs: 
+upstream: released (2.4.33.5), released (2.6.18.6)
+linux-2.6: released (2.6.18.dfsg.1-9) [2.6.18.6]
+2.6.18-etch-security: released (2.6.18.dfsg.1-9) [2.6.18.6]
+2.6.8-sarge-security: released (2.6.8-16sarge7) [bluetooth-capi-size-checks.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [241_bluetooth-capi-size-checks.diff]
+2.6.12-breezy-security: released (2.6.12-10.43)
+2.6.15-dapper-security: released (2.6.15-28.51)
+2.6.17-edgy-security: released (2.6.17.1-11.35)
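
Review bot: "Marcel Holtman" in the Ubuntu-Description is a misspelling of Marcel Holtmann. Since the file is being copied into retired/ as the permanent record, fix the credit here, as a follow-up commit if the move itself should stay a pure copy.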

Copied: retired/CVE-2007-1592 (from rev 1139, active/CVE-2007-1592)
===================================================================
--- retired/CVE-2007-1592	                        (rev 0)
+++ retired/CVE-2007-1592	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,23 @@
+Candidate: CVE-2007-1592
+References: 
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d35690beda1429544d46c8eb34b2e3a8c37ab299
+Description: 
+ net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3
+ inadvertently copies the ipv6_fl_socklist from a listening TCP socket
+ to child sockets, which allows local users to cause a denial of
+ service (OOPS) or double-free by opening a listening IPv6 socket,
+ attaching a flow label, and connecting to that socket.
+Ubuntu-Description: 
+ Masayuki Nakagawa discovered an error in the flowlabel handling of
+ IPv6 network sockets. A local attacker could exploit this to crash
+ the kernel.
+Notes: 
+Bugs: 
+upstream: released (2.6.20.4, 2.6.21-rc5)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/ipv6_fl_socklist-no-share.patch]
+2.6.8-sarge-security: released (2.6.8-16sarge7) [ipv6_fl_socklist-no-share.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [243_ipv6_fl_socklist-no-share.diff]
+2.6.15-dapper-security: released (2.6.15-28.54)
+2.6.17-edgy-security: released (2.6.17.1-11.38)
+2.6.20-feisty-security: released (2.6.20-16.28)
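
Review bot: The linux-2.6 line says "released (2.6.20-1)" with no patch in brackets, while the upstream line puts the fix in 2.6.20.4 and 2.6.21-rc5, so by version number alone 2.6.20-1 reads as earlier than the fix. If 2.6.20-1 carried the stable update or a backport, name it in brackets the way the etch and sarge lines do; otherwise the version should be rechecked before retiring. The Description also scopes the bug to "2.6.x up to 2.6.21-rc3" although a 2.4.27 patch (243_ipv6_fl_socklist-no-share.diff) is listed, which deserves a line under Notes.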

Copied: retired/CVE-2007-4311 (from rev 1139, active/CVE-2007-4311)
===================================================================
--- retired/CVE-2007-4311	                        (rev 0)
+++ retired/CVE-2007-4311	2008-02-22 21:53:05 UTC (rev 1140)
@@ -0,0 +1,19 @@
+Candidate: CVE-2007-4311
+References: 
+ http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commitdiff_plain;h=66438bd5651e892bc485c32762f7ce75637b686b
+Description: 
+Ubuntu-Description: 
+Notes: 
+ dannf> The reporter noted that this is fixed in current 2.6's. It does
+ dannf> appear that way in Debian's 2.6.8 and 2.6.18, but the code that
+ dannf> solves it is quite a bit different in both. I wouldn't necessarily
+ dannf> assume that kernels between 2.6.8 & 2.6.18 are invulnerable.
+Bugs: 
+upstream: released (2.4.35-rc1)
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: released (2.4.27-10sarge6) [248_random-reseed-sizeof-fix.diff]
+2.6.15-dapper-security: N/A
+2.6.17-edgy-security: N/A
+2.6.20-feisty-security: N/A
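
Review bot: This file is retired with both Description and Ubuntu-Description empty, so the retired record never states what the issue is; the only hint is the patch name 248_random-reseed-sizeof-fix.diff. Please add a short Description. The dannf note also says he "wouldn't necessarily assume that kernels between 2.6.8 & 2.6.18 are invulnerable", yet 2.6.15-dapper-security and 2.6.17-edgy-security are marked N/A with no follow-up; either record how those two were checked or keep the issue in active/ until they are.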



