[kernel-sec-discuss] r1349 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Fri May 1 05:33:39 UTC 2009
Author: dannf
Date: 2009-05-01 05:33:39 +0000 (Fri, 01 May 2009)
New Revision: 1349
Modified:
dsa-texts/2.6.24-6~etchnhalf.8etch1
Log:
more CVE texts
Modified: dsa-texts/2.6.24-6~etchnhalf.8etch1
===================================================================
--- dsa-texts/2.6.24-6~etchnhalf.8etch1 2009-04-30 22:56:59 UTC (rev 1348)
+++ dsa-texts/2.6.24-6~etchnhalf.8etch1 2009-05-01 05:33:39 UTC (rev 1349)
@@ -21,6 +21,11 @@
problems:
CVE-2008-4307
+
+ Bryn M. Reeves reported a denial of service in the NFS filesystem.
+ Local users can trigger a kernel BUG() due to a race condition
+ in the do_setlk function.
+
CVE-2008-5079
Hugo Dias reported a DoS condition in the ATM subsystem that can
@@ -28,10 +33,34 @@
twice on the same socket and reading /proc/net/atm/*vc.
CVE-2008-5395
+
+ Helge Deller discovered a denial of service condition that allows
+ local users on PA-RISC systems to crash a system by attempting
+ to unwind a stack contiaining userspace addresses.
+
CVE-2008-5700
+
+ Alan Cox discovered a lack of minimum timeouts on SG_IO requests,
+ which allows local users of systems using ATA to cause a denial
+ of service by forcing drives into PIO mode.
+
CVE-2008-5701
+
+ Vlad Malov reported an issue on 64-bit MIPS systems where a local user
+ could cause a system crash by crafing a malicious binary which makes
+ o32 syscalls with a number less than 4000.
+
CVE-2008-5702
+
+ Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog
+ driver which allows local users to cause a buffer underflow by making
+ a specially crafted WDIOC_SETTIMEOUT ioctl call.
+
CVE-2009-0028
+
+ Chris Evans discovered a situation in which a child process can send
+ an arbitrary signal to its parent.
+
CVE-2009-0029
Christian Borntraeger discovered an issue effecting the alpha,
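Review bot: two typos in the added text: "contiaining" in the CVE-2008-5395 entry should be "containing", and "crafing" in the CVE-2008-5701 entry should be "crafting". The CVE-2009-0028 entry also does not say who can trigger the issue or what the impact is, unlike the neighbouring entries, which name local users and a denial of service; consider stating both.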
@@ -69,7 +98,7 @@
CVE-2009-0676
- Clément LECIGNE discovered a bug in the sock_getsockopt function
+ Clement LECIGNE discovered a bug in the sock_getsockopt function
that may result in leaking sensitive kernel memory.
CVE-2009-0745
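Review bot: the changed line under CVE-2009-0676 strips the accent from the reporter's name ("Clément" becomes "Clement"), and the log message "more CVE texts" does not mention or explain it. If the advisory text has to be ASCII-only, say so in the log; otherwise keep the name as the reporter spells it.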
@@ -79,15 +108,59 @@
during a resize operation.
CVE-2009-0834
+
+ Roland McGrath discovered an issue on amd64 kernels that allows local
+ users to circumvent system call audit configurations which filter
+ based on the syscall numbers or argument details.
+
CVE-2009-0859
+
+ Jiri Olsa discovered that a local user can cause a denial of service
+ (system hang) using a SHM_INFO shmctl call on kernels compiled with
+ CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian
+ kernels.
+
CVE-2009-1046
+
+ Mikulas Patocka reported an issue in the console subsystem that allows
+ a local user to cause memory corruption by selecting a small number of
+ 3-byte UTF-8 characters.
+
CVE-2009-1192
+
+ Shaohua Li reported an issue in the AGP subsystem they may allow local
+ users to read sensitive kernel memory due to a leak of uninitialized
+ memory.
+
CVE-2009-1242
+
+ Benjamin Gilbert reported a local denial of service vulnerability in the
+ KVM VMX implementation that allows local users to trigger an oops.
+
CVE-2009-1265
+
+ Thomas Pollet reported an overflow in the af_rose implementation that
+ allows remote attackers to retrieve uninitialized kernel memory that
+ may contain sensitive data.
+
CVE-2009-1337
+
+ Oleg Nesterov discovered an issue in the exit_notify function that allows
+ local users to send an arbitrary signal to a process by running a program
+ that modifies the exit_signal field and then uses an exec system call to
+ launch a setuid application.
+
CVE-2009-1338
+
+ Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach
+ processes outside of the current process namespace.
+
CVE-2009-1439
+ Pavan Naregundi reported an issue in the CIFS filesystem code that
+ allows remote users to overwrite memory via a long nativeFileSystem
+ field in a Tree Connect response during mount.
+
For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~etchnhalf.8etch1.
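Review bot: grammar slip in the CVE-2009-1192 entry: "an issue in the AGP subsystem they may allow local users" should read "that may allow local users". The CVE-2009-1242 entry also says "local" twice ("a local denial of service vulnerability ... that allows local users"); dropping the first one would match the wording of the other entries.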