[kernel-sec-discuss] r1215 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Fri Sep 5 21:47:03 UTC 2008
Author: dannf
Date: 2008-09-05 21:47:02 +0000 (Fri, 05 Sep 2008)
New Revision: 1215
Modified:
active/CVE-2007-6716
active/CVE-2008-2944
active/CVE-2008-3275
active/CVE-2008-3526
active/CVE-2008-3792
Log:
debian updates
Modified: active/CVE-2007-6716
===================================================================
--- active/CVE-2007-6716 2008-09-04 22:52:34 UTC (rev 1214)
+++ active/CVE-2007-6716 2008-09-05 21:47:02 UTC (rev 1215)
@@ -16,8 +16,8 @@
upstream:
linux-2.6:
2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-2944
===================================================================
--- active/CVE-2008-2944 2008-09-04 22:52:34 UTC (rev 1214)
+++ active/CVE-2008-2944 2008-09-05 21:47:02 UTC (rev 1215)
@@ -1,14 +1,21 @@
Candidate: CVE-2008-2944
Description:
-References:
+ Double free vulnerability in the utrace support in the Linux kernel, probably
+ 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows
+ local users to cause a denial of service (oops), as demonstrated by a crash
+ when running the GNU GDB testsuite, a different vulnerability than
+ CVE-2008-2365.
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=207002
+ https://bugzilla.redhat.com/show_bug.cgi?id=449359
Ubuntu-Description:
Notes:
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
+2.6.18-etch-security: N/A "no utrace"
+2.6.24-etch-security: N/A "no utrace"
+2.6.26-lenny-security: N/A "no utrace"
2.6.15-dapper-security:
2.6.20-feisty-security:
2.6.22-gutsy-security:
Modified: active/CVE-2008-3275
===================================================================
--- active/CVE-2008-3275 2008-09-04 22:52:34 UTC (rev 1214)
+++ active/CVE-2008-3275 2008-09-05 21:47:02 UTC (rev 1215)
@@ -7,7 +7,7 @@
upstream: released (2.6.25.15, 2.6.26.2)
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-22etch2) [bugfix/vfs-fix-lookup-on-deleted-directory.patch]
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.5) [bugfix/vfs-fix-lookup-on-deleted-directory.patch]
2.6.26-lenny-security: released (2.6.26-2) [bugfix/all/stable/2.6.26.2.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
Modified: active/CVE-2008-3526
===================================================================
--- active/CVE-2008-3526 2008-09-04 22:52:34 UTC (rev 1214)
+++ active/CVE-2008-3526 2008-09-05 21:47:02 UTC (rev 1215)
@@ -8,7 +8,7 @@
upstream: pending
linux-2.6: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchnhalf.5) [bugfix/sctp-auth-key-length-check.patch]
2.6.26-lenny-security: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
Modified: active/CVE-2008-3792
===================================================================
--- active/CVE-2008-3792 2008-09-04 22:52:34 UTC (rev 1214)
+++ active/CVE-2008-3792 2008-09-05 21:47:02 UTC (rev 1215)
@@ -8,7 +8,7 @@
upstream: pending
linux-2.6: released (2.6.26-4) [bugfix/sctp-auth-panics.patch]
2.6.18-etch-security:
-2.6.24-etch-security:
+2.6.24-etch-security: pending (2.6.24-6~etchhalf.5) [bugfix/sctp-fix-length-in-AUTH_CHUNKS-option.patch, bugfix/sctp-auth-panics.patch]
2.6.26-lenny-security: released (2.6.26-4) [bugfix/sctp-auth-panics.patch]
2.6.15-dapper-security:
2.6.20-feisty-security:
More information about the kernel-sec-discuss
mailing list