[kernel-sec-discuss] r1114 - active retired
jmm at alioth.debian.org
jmm at alioth.debian.org
Tue Jan 29 18:19:55 UTC 2008
Author: jmm
Date: 2008-01-29 18:19:54 +0000 (Tue, 29 Jan 2008)
New Revision: 1114
Added:
retired/CVE-2007-2878
Removed:
active/CVE-2007-2878
Log:
retire one issue
Deleted: active/CVE-2007-2878
===================================================================
--- active/CVE-2007-2878 2008-01-29 18:19:04 UTC (rev 1113)
+++ active/CVE-2007-2878 2008-01-29 18:19:54 UTC (rev 1114)
@@ -1,29 +0,0 @@
-Candidate: CVE-2007-2878
-References:
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2
-Description:
- The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run
- on a 64-bit system, allow local users to corrupt a kernel_dirent struct
- and cause a denial of service (system crash) via unknown vectors.
-Ubuntu-Description:
- Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
- systems. A local attacker could corrupt a kernel_dirent struct and cause
- a denial of service.
-Notes:
- dannf> reproduced in etch using reproducer provided in the changeset
- dannf> backporting the fix only proved hazardous as there was some recent
- dannf> restructuring - i've elected to backport that as well
- dannf> (fat-move-ioctl-compat-code.patch)
- dannf> marking sarge kernels as N/A because amd64 wasn't officially supported
- dannf> and the backport is non-trivial (read: risk outweighs benefit)
- dannf>
- dannf> reverted from etch-security branch in r9295 due to ABI change
-Bugs:
-upstream: released (2.6.21.2)
-linux-2.6: released (2.6.21-3)
-2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch]
-2.6.8-sarge-security: N/A
-2.4.27-sarge-security: N/A
-2.6.15-dapper-security: released (2.6.15-28.57)
-2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
-2.6.20-feisty-security: released (2.6.20-16.31) [5825ab378271ac6ead26504a46b0d404b63592dc]
Copied: retired/CVE-2007-2878 (from rev 1113, active/CVE-2007-2878)
===================================================================
--- retired/CVE-2007-2878 (rev 0)
+++ retired/CVE-2007-2878 2008-01-29 18:19:54 UTC (rev 1114)
@@ -0,0 +1,29 @@
+Candidate: CVE-2007-2878
+References:
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2
+Description:
+ The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run
+ on a 64-bit system, allow local users to corrupt a kernel_dirent struct
+ and cause a denial of service (system crash) via unknown vectors.
+Ubuntu-Description:
+ Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
+ systems. A local attacker could corrupt a kernel_dirent struct and cause
+ a denial of service.
+Notes:
+ dannf> reproduced in etch using reproducer provided in the changeset
+ dannf> backporting the fix only proved hazardous as there was some recent
+ dannf> restructuring - i've elected to backport that as well
+ dannf> (fat-move-ioctl-compat-code.patch)
+ dannf> marking sarge kernels as N/A because amd64 wasn't officially supported
+ dannf> and the backport is non-trivial (read: risk outweighs benefit)
+ dannf>
+ dannf> reverted from etch-security branch in r9295 due to ABI change
+Bugs:
+upstream: released (2.6.21.2)
+linux-2.6: released (2.6.21-3)
+2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch]
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-28.57)
+2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
+2.6.20-feisty-security: released (2.6.20-16.31) [5825ab378271ac6ead26504a46b0d404b63592dc]
More information about the kernel-sec-discuss
mailing list