[kernel-sec-discuss] r1606 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Nov 16 23:43:55 UTC 2009
Author: jmm
Date: 2009-11-16 23:43:55 +0000 (Mon, 16 Nov 2009)
New Revision: 1606
Added:
retired/CVE-2009-3621
retired/CVE-2009-3624
Removed:
active/CVE-2009-3621
active/CVE-2009-3624
Log:
retire two issues
Deleted: active/CVE-2009-3621
===================================================================
--- active/CVE-2009-3621 2009-11-16 23:42:50 UTC (rev 1605)
+++ active/CVE-2009-3621 2009-11-16 23:43:55 UTC (rev 1606)
@@ -1,13 +0,0 @@
-Candidate: CVE-2009-3621
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=529626
- http://patchwork.kernel.org/patch/54678/
- http://www.openwall.com/lists/oss-security/2009/10/19/2
-Notes:
-Bugs:
-upstream: released (2.6.32-rc6) [77238f2b942b38ab4e7f3aced44084493e4a8675], released (2.6.31.6) [027590f053888a282d09f420a39ad08a17dda76f]
-linux-2.6: released (2.6.31-2)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
-2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
Deleted: active/CVE-2009-3624
===================================================================
--- active/CVE-2009-3624 2009-11-16 23:42:50 UTC (rev 1605)
+++ active/CVE-2009-3624 2009-11-16 23:43:55 UTC (rev 1606)
@@ -1,34 +0,0 @@
-Candidate: CVE-2009-3624
-Description:
- "The destination keyring specified to request_key() and co. is made
- available to the process that instantiates the key (the slave process
- started by /sbin/request-key typically). This is passed in the
- request_key_auth struct as the dest_keyring member.
- .
- keyctl_instantiate_key and keyctl_negate_key() call
- get_instantiation_keyring() to get the keyring to attach the newly
- constructed key to at the end of instantiation. This may be given a
- specific keyring into which a link will be made later, or it may be
- asked to find the keyring passed to request_key(). In the former
- case, it returns a keyring with the refcount incremented by
- lookup_user_key(); in the latter case, it returns the keyring from the
- request_key_auth struct - and does _not_ increment the refcount.
- .
- The latter case will eventually result in an oops when the keyring
- prematurely runs out of references and gets destroyed. The effect may
- take some time to show up as the key is destroyed lazily.
- .
- To fix this, the keyring returned by get_instantiation_keyring() must
- always have its refcount incremented, no matter where it comes from."
-References:
-http://git.kernel.org/linus/8bbf4976
-http://git.kernel.org/linus/21279cfa107af07ef985539ac0de2152b9cba5f5
-http://twitter.com/spendergrsec/status/4916661870
-Notes:
- jmm> Introduced in 2.6.29-rc1
-Bugs:
-upstream: released (2.6.32-rc5) [21279cfa107af07ef985539ac0de2152b9cba5f5], released (2.6.31.6) [7a99333e851ef087c7cd836950900602f0843c24]
-linux-2.6: released (2.6.31-2)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
Copied: retired/CVE-2009-3621 (from rev 1602, active/CVE-2009-3621)
===================================================================
--- retired/CVE-2009-3621 (rev 0)
+++ retired/CVE-2009-3621 2009-11-16 23:43:55 UTC (rev 1606)
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3621
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=529626
+ http://patchwork.kernel.org/patch/54678/
+ http://www.openwall.com/lists/oss-security/2009/10/19/2
+Notes:
+Bugs:
+upstream: released (2.6.32-rc6) [77238f2b942b38ab4e7f3aced44084493e4a8675], released (2.6.31.6) [027590f053888a282d09f420a39ad08a17dda76f]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny2) [bugfix/all/af_unix-fix-deadlock-on-connecting-to-shutdown-socket.patch]
Copied: retired/CVE-2009-3624 (from rev 1602, active/CVE-2009-3624)
===================================================================
--- retired/CVE-2009-3624 (rev 0)
+++ retired/CVE-2009-3624 2009-11-16 23:43:55 UTC (rev 1606)
@@ -0,0 +1,34 @@
+Candidate: CVE-2009-3624
+Description:
+ "The destination keyring specified to request_key() and co. is made
+ available to the process that instantiates the key (the slave process
+ started by /sbin/request-key typically). This is passed in the
+ request_key_auth struct as the dest_keyring member.
+ .
+ keyctl_instantiate_key and keyctl_negate_key() call
+ get_instantiation_keyring() to get the keyring to attach the newly
+ constructed key to at the end of instantiation. This may be given a
+ specific keyring into which a link will be made later, or it may be
+ asked to find the keyring passed to request_key(). In the former
+ case, it returns a keyring with the refcount incremented by
+ lookup_user_key(); in the latter case, it returns the keyring from the
+ request_key_auth struct - and does _not_ increment the refcount.
+ .
+ The latter case will eventually result in an oops when the keyring
+ prematurely runs out of references and gets destroyed. The effect may
+ take some time to show up as the key is destroyed lazily.
+ .
+ To fix this, the keyring returned by get_instantiation_keyring() must
+ always have its refcount incremented, no matter where it comes from."
+References:
+http://git.kernel.org/linus/8bbf4976
+http://git.kernel.org/linus/21279cfa107af07ef985539ac0de2152b9cba5f5
+http://twitter.com/spendergrsec/status/4916661870
+Notes:
+ jmm> Introduced in 2.6.29-rc1
+Bugs:
+upstream: released (2.6.32-rc5) [21279cfa107af07ef985539ac0de2152b9cba5f5], released (2.6.31.6) [7a99333e851ef087c7cd836950900602f0843c24]
+linux-2.6: released (2.6.31-2)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
More information about the kernel-sec-discuss
mailing list