[kernel-sec-discuss] r1585 - active retired

Thu Nov 12 22:12:44 UTC 2009

Author: jmm
Date: 2009-11-12 22:12:43 +0000 (Thu, 12 Nov 2009)
New Revision: 1585

Added:
   retired/CVE-2009-3043
   retired/CVE-2009-3288
Removed:
   active/CVE-2009-3043
   active/CVE-2009-3288
Log:
retire issues


Deleted: active/CVE-2009-3043
===================================================================

--- active/CVE-2009-3043	2009-11-10 16:20:13 UTC (rev 1584)
+++ active/CVE-2009-3043	2009-11-12 22:12:43 UTC (rev 1585)
@@ -1,25 +0,0 @@
-Candidate: CVE-2009-3043
-Description:
- The tty ldisc code was rewritten to use proper reference counts (commits 
- 65b770468e98 and cbe9352fa08f) in order to avoid a race with hangup, but 
- it also introduced another bug that can result in various problems such 
- as a NULL pointer dereference in run_timer_softirq() or a BUG() in 
- worker_thread. More info in the patch.
-References:
- http://git.kernel.org/linus/5c58ceff103d8a654f24769bb1baaf84a841b0cc
- http://lkml.org/lkml/2009/8/20/27
- http://lkml.org/lkml/2009/8/20/68
- http://lkml.org/lkml/2009/8/20/21
-Ubuntu-Description:
-Notes:
- Introduced in commits c65c9bc3 and c8d50041.
-Bugs:
-upstream: released (2.6.31) [5c58ceff103d8a654f24769bb1baaf84a841b0cc]
-linux-2.6: released (2.6.31-1)
-2.6.18-etch-security: N/A "introduced in 2.6.31-rc1"
-2.6.24-etch-security: N/A "introduced in 2.6.31-rc1"
-2.6.26-lenny-security: N/A "introduced in 2.6.31-rc1"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-3288
===================================================================
--- active/CVE-2009-3288	2009-11-10 16:20:13 UTC (rev 1584)
+++ active/CVE-2009-3288	2009-11-12 22:12:43 UTC (rev 1585)
@@ -1,23 +0,0 @@
-Candidate: CVE-2009-3288
-Description:
- The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel
- 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when
- accessing an array, which allows local users to cause a denial of
- service (kernel OOPS and NULL pointer dereference), as demonstrated by
- using xcdroast to duplicate a CD.  NOTE: this is only exploitable by
- users who can open the cdrom device.
-References:
- http://www.openwall.com/lists/oss-security/2009/09/03/4
-Ubuntu-Description:
-Notes:
- jmm> e71044ee2efa4792e21d243b03d49006db66aec9
-Bugs:
-upstream: released (2.6.31.1)
-linux-2.6: released (2.6.31-1)
-2.6.18-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
-2.6.24-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
-2.6.26-lenny-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Copied: retired/CVE-2009-3043 (from rev 1584, active/CVE-2009-3043)
===================================================================
--- retired/CVE-2009-3043	                        (rev 0)
+++ retired/CVE-2009-3043	2009-11-12 22:12:43 UTC (rev 1585)
@@ -0,0 +1,25 @@
+Candidate: CVE-2009-3043
+Description:
+ The tty ldisc code was rewritten to use proper reference counts (commits 
+ 65b770468e98 and cbe9352fa08f) in order to avoid a race with hangup, but 
+ it also introduced another bug that can result in various problems such 
+ as a NULL pointer dereference in run_timer_softirq() or a BUG() in 
+ worker_thread. More info in the patch.
+References:
+ http://git.kernel.org/linus/5c58ceff103d8a654f24769bb1baaf84a841b0cc
+ http://lkml.org/lkml/2009/8/20/27
+ http://lkml.org/lkml/2009/8/20/68
+ http://lkml.org/lkml/2009/8/20/21
+Ubuntu-Description:
+Notes:
+ Introduced in commits c65c9bc3 and c8d50041.
+Bugs:
+upstream: released (2.6.31) [5c58ceff103d8a654f24769bb1baaf84a841b0cc]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "introduced in 2.6.31-rc1"
+2.6.24-etch-security: N/A "introduced in 2.6.31-rc1"
+2.6.26-lenny-security: N/A "introduced in 2.6.31-rc1"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-3288 (from rev 1584, active/CVE-2009-3288)
===================================================================
--- retired/CVE-2009-3288	                        (rev 0)
+++ retired/CVE-2009-3288	2009-11-12 22:12:43 UTC (rev 1585)
@@ -0,0 +1,23 @@
+Candidate: CVE-2009-3288
+Description:
+ The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel
+ 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when
+ accessing an array, which allows local users to cause a denial of
+ service (kernel OOPS and NULL pointer dereference), as demonstrated by
+ using xcdroast to duplicate a CD.  NOTE: this is only exploitable by
+ users who can open the cdrom device.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/03/4
+Ubuntu-Description:
+Notes:
+ jmm> e71044ee2efa4792e21d243b03d49006db66aec9
+Bugs:
+upstream: released (2.6.31.1)
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
+2.6.24-etch-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
+2.6.26-lenny-security: N/A "Introduced by upstream commit 10db10d1 in v2.6.28-rc1.
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:


