[kernel-sec-discuss] r1468 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Aug 18 21:39:16 UTC 2009


Author: gilbert-guest
Date: 2009-08-18 21:39:15 +0000 (Tue, 18 Aug 2009)
New Revision: 1468

Added:
   active/CVE-2009-2767
   active/CVE-2009-2768
   active/CVE-2009-2844
   active/CVE-2009-2846
   active/CVE-2009-2847
   active/CVE-2009-2848
   active/CVE-2009-2849
Removed:
   active/CVE-2009-WWWW
   active/CVE-2009-XXXX
   active/CVE-2009-YYYY
   active/CVE-2009-ZZZZ
   active/CVE-2009-cfg80211-null-ptr
   active/CVE-2009-load_flat_shared_library-null-ptr-dereference
   active/CVE-2009-parisc-eisa-underflow
Log:
cve numbers assigned to latest round of issues


Copied: active/CVE-2009-2767 (from rev 1467, active/CVE-2009-ZZZZ)
===================================================================
--- active/CVE-2009-2767	                        (rev 0)
+++ active/CVE-2009-2767	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,23 @@
+Candidate: CVE-2009-2767
+Description:
+ Calling do_nanosleep() with clockid CLOCK_MONOTONIC_RAW can cause a NULL
+pointer dereference. Appears to be introduced after commit 2d42244a
+(v2.6.28-rc1).
+References:
+ http://git.kernel.org/linus/70d715fd0597f18528f389b5ac59102263067744
+ http://lkml.org/lkml/2009/8/4/40
+ http://lkml.org/lkml/2009/8/4/28
+ http://lkml.org/lkml/2009/8/2/331
+ https://bugzilla.redhat.com/show_bug.cgi?id=515867
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [70d715f]
+linux-2.6: released (2.6.30-6) [bugfix/all/posix-timers-fix-oops-in-clock-nanosleep-with-CLOCK_MONOTONIC_RAW.patch]
+2.6.18-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.24-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.26-lenny-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
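
Review bot: The second and third lines of the Description field ("pointer dereference. Appears to be introduced after commit 2d42244a" and "(v2.6.28-rc1).") start in column 0, while the first line and every other multi-line Description in this commit use a leading space for continuation lines. A parser for this field format will treat them as malformed or as new fields, so indent both by one space. This was carried over unchanged from CVE-2009-ZZZZ, so the copy is a good moment to fix it. The four Ubuntu fields are also blank although 2.6.15 through 2.6.27 all predate v2.6.28-rc1; the same N/A reason used for the Debian branches appears to apply there.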

Copied: active/CVE-2009-2768 (from rev 1467, active/CVE-2009-load_flat_shared_library-null-ptr-dereference)
===================================================================
--- active/CVE-2009-2768	                        (rev 0)
+++ active/CVE-2009-2768	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-2768
+Description:
+ The new credentials code broke load_flat_shared_library() as it now uses an
+ uninitialized cred pointer, leading to a NULL pointer dereference.
+References:
+ http://lkml.org/lkml/2009/6/22/91
+ http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [3440625d78711bee41a84cf29c3d8c579b522666]
+linux-2.6: released (2.6.30-6) [bugfix/all/flat-fix-uninitialized-ptr-with-shared-libs.patch]
+2.6.18-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.24-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.26-lenny-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
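
Review bot: The Ubuntu fields (2.6.15-dapper-security through 2.6.27-intrepid-security) are left blank even though the reason given for the Debian branches, "kernel/cred.c introduced in 2.6.29", covers every one of those kernel versions. Consider marking them N/A with the same reason so the entry does not read as untriaged. The References field also omits a link to the upstream commit 3440625d78711bee41a84cf29c3d8c579b522666 that the upstream line cites.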

Copied: active/CVE-2009-2844 (from rev 1467, active/CVE-2009-cfg80211-null-ptr)
===================================================================
--- active/CVE-2009-2844	                        (rev 0)
+++ active/CVE-2009-2844	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-2844
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6)
+linux-2.6: needed
+2.6.18-etch-security: N/A "Affects >= 2.6.30-rc1"
+2.6.24-etch-security: N/A "Affects >= 2.6.30-rc1"
+2.6.26-lenny-security: N/A "Affects >= 2.6.30-rc1"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
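
Review bot: Description and References are both empty, and the only hint about what this issue is lived in the old file name (CVE-2009-cfg80211-null-ptr), which this rename discards. Add at least a one-line Description before the descriptive name disappears from the tree. The upstream line says "released (2.6.31-rc6)" without a commit id, unlike the other entries in this commit, which makes the "linux-2.6: needed" backport harder to act on.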

Copied: active/CVE-2009-2846 (from rev 1467, active/CVE-2009-parisc-eisa-underflow)
===================================================================
--- active/CVE-2009-2846	                        (rev 0)
+++ active/CVE-2009-2846	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-2846
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: pending (2.6.31) [6b4dbcd8]
+linux-2.6: pending (2.6.30-6) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
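
Review bot: Description and References are empty here as well, and renaming away from CVE-2009-parisc-eisa-underflow removes the only statement of what the bug is; the patch name isa-eeprom-fix-loff_t-usage.patch is the sole remaining clue. Add a short Description and a reference to commit 6b4dbcd8. The etch and lenny security branches carry no status at all, so it is not visible whether they were assessed.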

Copied: active/CVE-2009-2847 (from rev 1467, active/CVE-2009-XXXX)
===================================================================
--- active/CVE-2009-2847	                        (rev 0)
+++ active/CVE-2009-2847	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-2847
+Description:
+ do_sigaltstack: avoid copying 'stack_t' as a structure to user space
+.
+ Ulrich Drepper correctly points out that there is generally padding in
+ the structure on 64-bit hosts, and that copying the structure from
+ kernel to user space can leak information from the kernel stack in those
+ padding bytes.
+.
+ Avoid the whole issue by just copying the three members one by one
+ instead, which also means that the function also can avoid the need for
+ a stack frame. This also happens to match how we copy the new structure
+ from user space, so it all even makes sense.
+References:
+ http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856
+ https://bugzilla.redhat.com/show_bug.cgi?id=515392
+ http://milw0rm.com/exploits/9352
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [0083fc2]
+linux-2.6: released (2.6.30-6) [bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
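
Review bot: The Description is the upstream commit message pasted verbatim ("Avoid the whole issue by just copying the three members one by one"), so it describes the fix rather than the vulnerability. A first line stating the issue, a kernel stack information leak to user space through padding bytes in stack_t on 64-bit hosts, would make the entry usable on its own. The References include a public exploit link, yet the etch and lenny security branches have no status; those fields should be filled in or marked needed.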

Copied: active/CVE-2009-2848 (from rev 1467, active/CVE-2009-YYYY)
===================================================================
--- active/CVE-2009-2848	                        (rev 0)
+++ active/CVE-2009-2848	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-2848
+Description:
+ execve must clear curent->child_tid
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=515423
+ http://article.gmane.org/gmane.linux.kernel/871942
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
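
Review bot: The Description line " execve must clear curent->child_tid" has a typo ("curent" for "current") that was carried over from CVE-2009-YYYY and will defeat a text search for the field name. It is also the subject of a fix rather than a statement of the problem. The upstream and linux-2.6 fields are both empty, so the entry records no fix status for any tree; add the state known from the referenced Red Hat bug and mailing list post, or mark them explicitly as pending or needed.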

Added: active/CVE-2009-2849
===================================================================
--- active/CVE-2009-2849	                        (rev 0)
+++ active/CVE-2009-2849	2009-08-18 21:39:15 UTC (rev 1468)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-2849
+Description:
+ md raid null pointer dereference (when sysfs available)
+References:
+ http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b8d966efd9a46a9a35beac50cbff6e30565125ef
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30.2, 2.6.31-rc) [b8d966e]
+linux-2.6: released (2.6.30-4) [bugfix/all/stable/2.6.30.2.patch]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
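
Review bot: This file is committed as "Added" with "(rev 0)" while the six other new entries are "Copied ... from rev 1467", even though its body is line for line the content of the deleted active/CVE-2009-WWWW apart from the Candidate field. Doing this as a copy or move from CVE-2009-WWWW would keep the revision history of the entry. The upstream line "released (2.6.30.2, 2.6.31-rc) [b8d966e]" also leaves the rc number unspecified.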

Deleted: active/CVE-2009-WWWW
===================================================================
--- active/CVE-2009-WWWW	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-WWWW	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,19 +0,0 @@
-Candidate:
-Description:
- md raid null pointer dereference (when sysfs available)
-References:
- http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b8d966efd9a46a9a35beac50cbff6e30565125ef
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30.2, 2.6.31-rc) [b8d966e]
-linux-2.6: released (2.6.30-4) [bugfix/all/stable/2.6.30.2.patch]
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-XXXX
===================================================================
--- active/CVE-2009-XXXX	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-XXXX	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,29 +0,0 @@
-Candidate:
-Description:
- do_sigaltstack: avoid copying 'stack_t' as a structure to user space
-.
- Ulrich Drepper correctly points out that there is generally padding in
- the structure on 64-bit hosts, and that copying the structure from
- kernel to user space can leak information from the kernel stack in those
- padding bytes.
-.
- Avoid the whole issue by just copying the three members one by one
- instead, which also means that the function also can avoid the need for
- a stack frame. This also happens to match how we copy the new structure
- from user space, so it all even makes sense.
-References:
- http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856
- https://bugzilla.redhat.com/show_bug.cgi?id=515392
- http://milw0rm.com/exploits/9352
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [0083fc2]
-linux-2.6: released (2.6.30-6) [bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch]
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-YYYY
===================================================================
--- active/CVE-2009-YYYY	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-YYYY	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,18 +0,0 @@
-Candidate:
-Description:
- execve must clear curent->child_tid
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=515423
- http://article.gmane.org/gmane.linux.kernel/871942
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-ZZZZ
===================================================================
--- active/CVE-2009-ZZZZ	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-ZZZZ	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,23 +0,0 @@
-Candidate:
-Description:
- Calling do_nanosleep() with clockid CLOCK_MONOTONIC_RAW can cause a NULL
-pointer dereference. Appears to be introduced after commit 2d42244a
-(v2.6.28-rc1).
-References:
- http://git.kernel.org/linus/70d715fd0597f18528f389b5ac59102263067744
- http://lkml.org/lkml/2009/8/4/40
- http://lkml.org/lkml/2009/8/4/28
- http://lkml.org/lkml/2009/8/2/331
- https://bugzilla.redhat.com/show_bug.cgi?id=515867
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [70d715f]
-linux-2.6: released (2.6.30-6) [bugfix/all/posix-timers-fix-oops-in-clock-nanosleep-with-CLOCK_MONOTONIC_RAW.patch]
-2.6.18-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.24-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.26-lenny-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-cfg80211-null-ptr
===================================================================
--- active/CVE-2009-cfg80211-null-ptr	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-cfg80211-null-ptr	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,15 +0,0 @@
-Candidate:
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6)
-linux-2.6: needed
-2.6.18-etch-security: N/A "Affects >= 2.6.30-rc1"
-2.6.24-etch-security: N/A "Affects >= 2.6.30-rc1"
-2.6.26-lenny-security: N/A "Affects >= 2.6.30-rc1"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-load_flat_shared_library-null-ptr-dereference
===================================================================
--- active/CVE-2009-load_flat_shared_library-null-ptr-dereference	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-load_flat_shared_library-null-ptr-dereference	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,19 +0,0 @@
-Candidate:
-Description:
- The new credentials code broke load_flat_shared_library() as it now uses an
- uninitialized cred pointer, leading to a NULL pointer dereference.
-References:
- http://lkml.org/lkml/2009/6/22/91
- http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [3440625d78711bee41a84cf29c3d8c579b522666]
-linux-2.6: released (2.6.30-6) [bugfix/all/flat-fix-uninitialized-ptr-with-shared-libs.patch]
-2.6.18-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.24-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.26-lenny-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-parisc-eisa-underflow
===================================================================
--- active/CVE-2009-parisc-eisa-underflow	2009-08-17 20:41:14 UTC (rev 1467)
+++ active/CVE-2009-parisc-eisa-underflow	2009-08-18 21:39:15 UTC (rev 1468)
@@ -1,15 +0,0 @@
-Candidate:
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: pending (2.6.31) [6b4dbcd8]
-linux-2.6: pending (2.6.30-6) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:



