[kernel-sec-discuss] r1182 - active scripts

keescook-guest at alioth.debian.org
Tue Jun 24 03:39:18 UTC 2008


Author: keescook-guest
Date: 2008-06-24 03:39:17 +0000 (Tue, 24 Jun 2008)
New Revision: 1182

Modified:
   active/CVE-2007-4571
   active/CVE-2007-5904
   active/CVE-2007-6694
   active/CVE-2007-6712
   active/CVE-2008-0007
   active/CVE-2008-1294
   active/CVE-2008-1375
   active/CVE-2008-1669
   active/CVE-2008-1675
   scripts/ubuntu-release
Log:
ubuntu released kernels

Modified: active/CVE-2007-4571
===================================================================
--- active/CVE-2007-4571	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2007-4571	2008-06-24 03:39:17 UTC (rev 1182)
@@ -11,6 +11,10 @@
  information (kernel memory contents) via a small count argument, as
  demonstrated by multiple reads of /proc/driver/snd-page-alloc. 
 Ubuntu-Description: 
+ It was discovered that the ALSA /proc interface did not write the
+ correct number of bytes when reporting memory allocations.  A local
+ attacker might be able to access sensitive kernel memory, leading to
+ a loss of privacy.
 Notes: 
  dannf> ABI changer, was reverted from etch-security (r9547)
 Bugs: 
@@ -19,8 +23,8 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/proc-snd-page-alloc-mem-leak.patch]
 2.6.8-sarge-security: N/A "cannot reproduce w/ ALSA in 2.6.8, alsa-driver package was affected/fixed in DSA 1505"
 2.4.27-sarge-security: N/A "alsa-driver package was affected/fixed in DSA 1505"
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
+2.6.20-feisty-security: released (2.6.20-17.36)
 2.6.22-gutsy-security: N/A
 2.6.24-hardy-security: N/A

Modified: active/CVE-2007-5904
===================================================================
--- active/CVE-2007-5904	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2007-5904	2008-06-24 03:39:17 UTC (rev 1182)
@@ -9,6 +9,9 @@
  http://marc.info/?l=linux-kernel&m=119457447724276&w=2
  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3
 Ubuntu-Description: 
+ Multiple buffer overflows were discovered in the handling of CIFS
+ filesystems.  A malicious CIFS server could cause a client system crash
+ or possibly execute arbitrary code with kernel privileges.
 Notes: 
  kees> failed mount errors: a761ac579b89bc1f00212a42401398108deba65c
 Bugs: 
@@ -17,8 +20,8 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch5) [bugfix/cifs-better-failed-mount-errors.patch, bugfix/cifs-corrupt-server-response-overflow.patch]
 2.6.8-sarge-security: ignored (2.6.8-17sarge2) "needs port if vulnerable"
 2.4.27-sarge-security: N/A "No CIFS"
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
 2.6.24-hardy-security: N/A

Modified: active/CVE-2007-6694
===================================================================
--- active/CVE-2007-6694	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2007-6694	2008-06-24 03:39:17 UTC (rev 1182)
@@ -8,6 +8,10 @@
 References: 
  http://marc.info/?l=linux-kernel&m=119576191029571&w=2
 Ubuntu-Description: 
+ It was discovered that PowerPC kernels did not correctly handle reporting
+ certain system details.  By requesting a specific set of information,
+ a local attacker could cause a system crash resulting in a denial
+ of service.
 Notes: 
  jmm> This appears more of a regular bug with a specific piece of hw
  jmm> than a security problem. Do we support the chrp POWER platform?
@@ -17,8 +21,8 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
 2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
 2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
-2.6.24-hardy-security: pending (2.6.24-17.32)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
+2.6.24-hardy-security: released (2.6.24-19.34)

Modified: active/CVE-2007-6712
===================================================================
--- active/CVE-2007-6712	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2007-6712	2008-06-24 03:39:17 UTC (rev 1182)
@@ -14,6 +14,6 @@
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/hrtimer-prevent-overrun.patch, bugfix/ktime-fix-MTIME_SEC_MAX-on-32-bit.patch]
 2.6.24-etchnhalf-security: N/A
 2.6.15-dapper-security: N/A
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
 2.6.24-hardy-security: N/A

Modified: active/CVE-2008-0007
===================================================================
--- active/CVE-2008-0007	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2008-0007	2008-06-24 03:39:17 UTC (rev 1182)
@@ -1,7 +1,13 @@
 Candidate: CVE-2008-0007
 Description: 
+ Linux kernel before 2.6.22.17, when using certain drivers that register
+ a fault handler that does not perform range checks, allows local users
+ to access kernel memory via an out-of-range offset.
 References: 
 Ubuntu-Description: 
+ It was discovered that some device driver fault handlers did not
+ correctly verify memory ranges.  A local attacker could exploit this
+ to access sensitive kernel memory, possibly leading to a loss of privacy.
 Notes: 
 Bugs: 
 upstream: released (2.6.24.1)
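Review bot: `References:` is left empty in this hunk even though a Description is being added and the `Notes:` and `Bugs:` fields below it are empty as well, so nothing in the entry records which upstream change fixed the issue (the `upstream: released (2.6.24.1)` line names only the release). The other files touched in this commit list the upstream commit URL under `References:`; adding it here would keep the entry consistent with them.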
@@ -10,8 +16,8 @@
 2.6.24-etchnhalf-security: needed
 2.6.8-sarge-security: released (2.6.8-17sarge1) [mmap-VM_DONTEXPAND.dpatch]
 2.4.27-sarge-security: released (2.4.27-10sarge6) [264_mmap-VM_DONTEXPAND.diff]
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
 2.6.24-hardy-security: N/A

Modified: active/CVE-2008-1294
===================================================================
--- active/CVE-2008-1294	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2008-1294	2008-06-24 03:39:17 UTC (rev 1182)
@@ -1,7 +1,13 @@
 Candidate: CVE-2008-1294
 Description: 
+ Linux kernel 2.6.17, and other versions before 2.6.22, does not check
+ when a user attempts to set RLIMIT_CPU to 0 until after the change is
+ made, which allows local users to bypass intended resource limits.
 References: 
 Ubuntu-Description: 
+ It was discovered that CPU resource limits could be bypassed.
+ A malicious local user could exploit this to avoid administratively
+ imposed resource limits.
 Notes: 
  https://launchpad.net/bugs/107209
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419706
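Review bot: the Launchpad and Debian bug URLs are parked under `Notes:` while `References:` stays empty; the other entries in this commit keep a separate `Bugs:` field for exactly these links, so moving `https://launchpad.net/bugs/107209` and the `bugs.debian.org` URL there (and the upstream fix, if known, to `References:`) would make the entry match the tracker's field layout.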
@@ -16,8 +22,8 @@
 2.6.24-etchnhalf-security:
 2.6.8-sarge-security: 
 2.4.27-sarge-security: 
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
+2.6.20-feisty-security: released (2.6.20-17.36)
 2.6.22-gutsy-security: N/A
 2.6.24-hardy-security: N/A

Modified: active/CVE-2008-1375
===================================================================
--- active/CVE-2008-1375	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2008-1375	2008-06-24 03:39:17 UTC (rev 1182)
@@ -4,6 +4,10 @@
 References: 
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=214b7049a7929f03bbd2786aaef04b8b79db34e2
 Ubuntu-Description: 
+ A race condition was discovered between dnotify fcntl() and close() in
+ the kernel.  If a local attacker performed malicious dnotify requests,
+ they could cause memory consumption leading to a denial of service,
+ or possibly send arbitrary signals to any process.
 Notes: 
  kees> ABI changer due to header addition?
  kees> http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/dnotify-race-avoid-abi-change.patch?op=file&rev=0&sc=0
@@ -12,8 +16,8 @@
 linux-2.6: needed
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/dnotify-race.patch]
 2.6.24-etchnhalf-security: needed
-2.6.15-dapper-security: pending (2.6.15-51.67)
+2.6.15-dapper-security: released (2.6.15-52.67)
 2.6.17-edgy-security: ignored (EOL)
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
-2.6.24-hardy-security: pending (2.6.24-17.32)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
+2.6.24-hardy-security: released (2.6.24-19.34)

Modified: active/CVE-2008-1669
===================================================================
--- active/CVE-2008-1669	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2008-1669	2008-06-24 03:39:17 UTC (rev 1182)
@@ -3,6 +3,9 @@
  "add rcu_read_lock() to fs/locks.c and fix fcntl store/load"
 References: 
 Ubuntu-Description: 
+ On SMP systems, a race condition existed in fcntl().  Local attackers
+ could perform malicious locks, causing system crashes and leading to
+ a denial of service.
 Notes: 
  kees> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
  kees> linux-2.6.24.y: 0bbbae3bfd732f6c4d6b2a67121d77bf6b1c7f70
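Review bot: `References:` remains empty while the upstream fix commit (`http://git.kernel.org/...;h=0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9`) and its 2.6.24.y backport hash sit under `Notes:` as `kees>` remarks; the other files in this commit (CVE-2007-5904, CVE-2008-1375, CVE-2008-1675) list upstream commits under `References:`, so promoting these two lines there would keep the entries consistent and make the fix discoverable to the release scripts.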
@@ -11,7 +14,7 @@
 linux-2.6: released (2.6.25-2)
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch4) [bugfix/fcntl_setlk-close-race.patch]
 2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.2) [bugfix/all/stable/2.6.24.7.patch]
-2.6.15-dapper-security: pending (2.6.15-51.67)
-2.6.20-feisty-security: pending (2.6.20-16.36)
-2.6.22-gutsy-security: pending (2.6.22-14.53)
-2.6.24-hardy-security: pending (2.6.24-17.32)
+2.6.15-dapper-security: released (2.6.15-52.67)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
+2.6.24-hardy-security: released (2.6.24-19.34)

Modified: active/CVE-2008-1675
===================================================================
--- active/CVE-2008-1675	2008-06-09 17:10:36 UTC (rev 1181)
+++ active/CVE-2008-1675	2008-06-24 03:39:17 UTC (rev 1182)
@@ -4,6 +4,10 @@
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commitdiff;h=a30678eb8ce99a7b4c716ad41c8c10a04d731127
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commitdiff;h=f1b6098616f329d26199f278f228a7b27d36558d
 Ubuntu-Description: 
+ The tehuti network driver did not correctly handle certain IO functions.
+ A local attacker could perform malicious requests to the driver,
+ potentially accessing kernel memory, leading to privilege escalation
+ or access to private system information.
 Notes: 
 Bugs: 
 upstream: released (2.6.24.6)
@@ -13,4 +17,4 @@
 2.6.15-dapper-security: N/A
 2.6.20-feisty-security: N/A
 2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: pending (2.6.24-17.32)
+2.6.24-hardy-security: released (2.6.24-19.34)

Modified: scripts/ubuntu-release
===================================================================
--- scripts/ubuntu-release	2008-06-09 17:10:36 UTC (rev 1181)
+++ scripts/ubuntu-release	2008-06-24 03:39:17 UTC (rev 1182)
@@ -1,7 +1,15 @@
 #!/bin/bash
-echo 'This is just a place holder for future scripts.  View source for examples.'
-exit 1
+DAPPER="$1"
+FEISTY="$2"
+GUTSY="$3"
+HARDY="$4"
 
-# Examples:
-#../scripts/ubuntu-usn-desc $(egrep '^2.6.20-feisty-security: pending' CVE* | cut -d: -f1)
-#perl -pi -e 's/^2.6.20-feisty-security: pending \(2\.6\.20-16\.30\)/2.6.20-feisty-security: released (2.6.20-16.31)/' CVE*
+if [ -z "$DAPPER" ] || [ -z "$FEISTY" ] || [ -z "$GUTSY" ] || [ -z "$HARDY" ]; then
+    echo "Usage: $0 DAPPER FEISTY GUTSY HARDY" >&2
+    exit 1
+fi
+
+perl -pi -e 's/^2.6.15-dapper-security: pending.*/2.6.15-dapper-security: released ('"$DAPPER"')/' CVE*
+perl -pi -e 's/^2.6.20-feisty-security: pending.*/2.6.20-feisty-security: released ('"$FEISTY"')/' CVE*
+perl -pi -e 's/^2.6.22-gutsy-security: pending.*/2.6.22-gutsy-security: released ('"$GUTSY"')/' CVE*
+perl -pi -e 's/^2.6.24-hardy-security: pending.*/2.6.24-hardy-security: released ('"$HARDY"')/' CVE*
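Review bot: the four version arguments are spliced directly into the perl program text (`'"$DAPPER"'`) in each `perl -pi -e` line, so an argument containing `/`, `$`, `@` or a quote changes the substitution itself instead of being inserted literally; export the values and reference them as `$ENV{DAPPER}` inside the single-quoted `-e` expression, and validate each argument against the expected version shape (e.g. `2.6.15-52.67`) before rewriting `CVE*`. Two smaller points: the left-hand patterns leave the dots in `^2.6.15-dapper-security` unescaped, unlike the escaped form in the removed example line, and the script edits `CVE*` in whatever the current directory is with no check that it is being run from `active/`, so a wrong cwd silently matches nothing; a `cd "$(dirname "$0")/../active"` or an explicit directory argument with an existence check would make that failure visible.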