[kernel-sec-discuss] r1212 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Thu Sep 4 21:42:31 UTC 2008
Author: dannf
Date: 2008-09-04 21:42:31 +0000 (Thu, 04 Sep 2008)
New Revision: 1212
Added:
active/CVE-2007-6716
active/CVE-2008-3911
active/CVE-2008-3915
Log:
new issues
Copied: active/CVE-2007-6716 (from rev 1211, active/00boilerplate)
===================================================================
--- active/CVE-2007-6716 (rev 0)
+++ active/CVE-2007-6716 2008-09-04 21:42:31 UTC (rev 1212)
@@ -0,0 +1,24 @@
+Candidate: CVE-2007-6716
+Description:
+ fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
+ does not properly zero out the dio struct, which allows local users to
+ cause a denial of service (OOPS), as demonstrated by a certain fio
+ test.
+References:
+ http://lkml.org/lkml/2007/7/30/448
+ http://www.openwall.com/lists/oss-security/2008/09/04/1
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=848c4dd5153c7a0de55470ce99a8e13a63b4703f
+ https://bugzilla.redhat.com/show_bug.cgi?id=461082
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etchnhalf-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.20-feisty-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
Property changes on: active/CVE-2007-6716
___________________________________________________________________
Name: svn:mergeinfo
+
Copied: active/CVE-2008-3911 (from rev 1211, active/00boilerplate)
===================================================================
--- active/CVE-2008-3911 (rev 0)
+++ active/CVE-2008-3911 2008-09-04 21:42:31 UTC (rev 1212)
@@ -0,0 +1,24 @@
+Candidate: CVE-2008-3911
+Description:
+ The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel
+ 2.6.26.3 does not check the length of a certain buffer obtained from
+ userspace, which allows local users to overflow a stack-based buffer
+ and have unspecified other impact via a crafted read system call for
+ the /proc/sys/sunrpc/transports file.
+References:
+ http://lkml.org/lkml/2008/8/30/184
+ http://lkml.org/lkml/2008/8/30/140
+ http://www.openwall.com/lists/oss-security/2008/09/04/2
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etchnhalf-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.20-feisty-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
Property changes on: active/CVE-2008-3911
___________________________________________________________________
Name: svn:mergeinfo
+
Copied: active/CVE-2008-3915 (from rev 1211, active/00boilerplate)
===================================================================
--- active/CVE-2008-3915 (rev 0)
+++ active/CVE-2008-3915 2008-09-04 21:42:31 UTC (rev 1212)
@@ -0,0 +1,16 @@
+Candidate: CVE-2008-3915
+Description:
+References:
+ 91b80969ba466ba4b915a4a1d03add8c297add3f
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etchnhalf-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.20-feisty-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
Property changes on: active/CVE-2008-3915
___________________________________________________________________
Name: svn:mergeinfo
+
More information about the kernel-sec-discuss
mailing list