[kernel-sec-discuss] r1183 - active

keescook-guest at alioth.debian.org keescook-guest at alioth.debian.org
Tue Jun 24 05:38:07 UTC 2008 

Author: keescook-guest
Date: 2008-06-24 05:38:06 +0000 (Tue, 24 Jun 2008)
New Revision: 1183

Added:
   active/CVE-2007-6282
   active/CVE-2008-1673
   active/CVE-2008-2358
   active/CVE-2008-2750
Modified:
   active/CVE-2008-2136
   active/CVE-2008-2137
   active/CVE-2008-2148
Log:
ubuntu CVE updates, new kernel CVEs

Added: active/CVE-2007-6282
===================================================================
--- active/CVE-2007-6282	                        (rev 0)
+++ active/CVE-2007-6282	2008-06-24 05:38:06 UTC (rev 1183)
@@ -0,0 +1,18 @@
+Candidate: CVE-2007-6282
+Description: 
+ The IPsec implementation in Linux kernel before 2.6.25 allows remote
+ routers to cause a denial of service (crash) via a fragmented ESP packet in
+ which the first fragment does not contain the entire ESP header and IV.
+References: 
+Ubuntu-Description: 
+Notes: 
+ kees> linux-2.6: 920fc941a9617f95ccb283037fe6f8a38d95bb69
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.24-etchnhalf-security:
+2.6.15-dapper-security: pending
+2.6.20-feisty-security: pending
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Added: active/CVE-2008-1673
===================================================================
--- active/CVE-2008-1673	                        (rev 0)
+++ active/CVE-2008-1673	2008-06-24 05:38:06 UTC (rev 1183)
@@ -0,0 +1,23 @@
+Candidate: CVE-2008-1673
+Description: 
+ The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6
+ before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b)
+ the gxsnmp package; does not properly validate length values during
+ decoding of ASN.1 BER data, which allows remote attackers to cause a denial
+ of service (crash) or execute arbitrary code via (1) a length greater than
+ the working buffer, which can lead to an unspecified overflow; (2) an oid
+ length of zero, which can lead to an off-by-one error; or (3) an indefinite
+ length for a primitive encoding.
+References: 
+Ubuntu-Description: 
+Notes: 
+ kees> linux-2.6: ddb2c43594f22843e9f3153da151deaba1a834c5
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.24-etchnhalf-security:
+2.6.15-dapper-security: pending
+2.6.20-feisty-security: pending
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Modified: active/CVE-2008-2136
===================================================================
--- active/CVE-2008-2136	2008-06-24 03:39:17 UTC (rev 1182)
+++ active/CVE-2008-2136	2008-06-24 05:38:06 UTC (rev 1183)
@@ -3,12 +3,13 @@
 References: 
 Ubuntu-Description: 
 Notes: 
+ kees> linux-2.6: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
 Bugs: 
 upstream: 
 linux-2.6: 
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch]
 2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.3) [bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch]
-2.6.15-dapper-security: 
-2.6.20-feisty-security: 
-2.6.22-gutsy-security: 
-2.6.24-hardy-security: 
+2.6.15-dapper-security: pending
+2.6.20-feisty-security: pending
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Modified: active/CVE-2008-2137
===================================================================
--- active/CVE-2008-2137	2008-06-24 03:39:17 UTC (rev 1182)
+++ active/CVE-2008-2137	2008-06-24 05:38:06 UTC (rev 1183)
@@ -8,7 +8,7 @@
 linux-2.6: 
 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
 2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mmap-va-span-checking.patch, bugfix/sparc-fix-mremap-addr-range-validation.patch]
-2.6.15-dapper-security: 
-2.6.20-feisty-security: 
-2.6.22-gutsy-security: 
-2.6.24-hardy-security: 
+2.6.15-dapper-security: pending
+2.6.20-feisty-security: pending
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Modified: active/CVE-2008-2148
===================================================================
--- active/CVE-2008-2148	2008-06-24 03:39:17 UTC (rev 1182)
+++ active/CVE-2008-2148	2008-06-24 05:38:06 UTC (rev 1183)
@@ -3,12 +3,13 @@
 References: 
 Ubuntu-Description: 
 Notes: 
+ kees> 02c6be615f1fcd37ac5ed93a3ad6692ad8991cd9
 Bugs: 
 upstream: 
 linux-2.6: 
 2.6.18-etch-security: N/A
 2.6.24-etchnhalf-security: pending (2.6.24-6~etchnhalf.3) [bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch]
-2.6.15-dapper-security: 
-2.6.20-feisty-security: 
-2.6.22-gutsy-security: 
-2.6.24-hardy-security: 
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Added: active/CVE-2008-2358
===================================================================
--- active/CVE-2008-2358	                        (rev 0)
+++ active/CVE-2008-2358	2008-06-24 05:38:06 UTC (rev 1183)
@@ -0,0 +1,19 @@
+Candidate: CVE-2008-2358
+Description: 
+ The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux
+ kernel 2.6.18, and probably other versions, does not properly check
+ feature lengths, which might allow remote attackers to execute arbitrary
+ code, related to an unspecified "overflow."
+References: 
+Ubuntu-Description: 
+Notes: 
+ kees> linux-2.6: 19443178fbfbf40db15c86012fc37df1a44ab857
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.24-etchnhalf-security:
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: pending
+2.6.22-gutsy-security: pending
+2.6.24-hardy-security: pending

Added: active/CVE-2008-2750
===================================================================
--- active/CVE-2008-2750	                        (rev 0)
+++ active/CVE-2008-2750	2008-06-24 05:38:06 UTC (rev 1183)
@@ -0,0 +1,20 @@
+Candidate: CVE-2008-2750
+Description: 
+ The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux
+ kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial
+ of service (kernel heap memory corruption and system crash) and possibly
+ have unspecified other impact via a crafted PPPOL2TP packet that results
+ in a large value for a certain length variable.
+References: 
+Ubuntu-Description: 
+Notes: 
+ kees> linux-2.6: 6b6707a50c7598a83820077393f8823ab791abf8
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: 
+2.6.24-etchnhalf-security:
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: pending

More information about the kernel-sec-discuss mailing list