[kernel-sec-discuss] r1522 - active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Oct 19 17:24:38 UTC 2009
Author: jmm
Date: 2009-10-19 17:24:38 +0000 (Mon, 19 Oct 2009)
New Revision: 1522
Added:
retired/CVE-2008-3525
retired/CVE-2008-3526
retired/CVE-2008-3527
retired/CVE-2008-3686
retired/CVE-2008-3832
retired/CVE-2008-3833
retired/CVE-2008-3911
retired/CVE-2008-4210
retired/CVE-2008-4302
retired/CVE-2008-4307
Removed:
active/CVE-2008-3525
active/CVE-2008-3526
active/CVE-2008-3527
active/CVE-2008-3686
active/CVE-2008-3832
active/CVE-2008-3833
active/CVE-2008-3911
active/CVE-2008-4210
active/CVE-2008-4302
active/CVE-2008-4307
Log:
retire more issues
Deleted: active/CVE-2008-3525
===================================================================
--- active/CVE-2008-3525 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3525 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-3525
-Description:
-References:
- f2455eb176ac87081bbfc9a44b21c7cd2bc1967e
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27)
-linux-2.6: released (2.6.26-7) [bugfix/wan-sbni_ioctl-cap-checks.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/wan-sbni_ioctl-cap-checks.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/wan-sbni_ioctl-cap-checks.patch]
-2.6.26-lenny-security: released (2.6.26-7) [bugfix/wan-sbni_ioctl-cap-checks.patch]
-2.6.15-dapper-security: released (2.6.15-52.73)
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: released (2.6.22-15.59)
-2.6.24-hardy-security: released (2.6.24-21.43)
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-3526
===================================================================
--- active/CVE-2008-3526 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3526 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-3526
-Description:
-References:
- http://permalink.gmane.org/gmane.comp.security.oss.general/861
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27-rc5) [30c2235]
-linux-2.6: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
-2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/sctp-auth-key-length-check.patch]
-2.6.26-lenny-security: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: released (2.6.24-21.43)
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-3527
===================================================================
--- active/CVE-2008-3527 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3527 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-3527
-Description:
-References:
- http://rhn.redhat.com/errata/RHSA-2008-0957.html
-Ubuntu-Description:
-Notes:
- dannf> Tavis Ormandy is credited w/ reporting this in the RHSA
-Bugs:
-upstream: released (2.6.21)
-linux-2.6: release (2.6.21-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/add-install_special_mapping.patch, bugfix/i386-vdso-use_install_special_mapping.patch, bugfix/x86_64-ia32-vDSO-use-install_special_mapping.patch, features/all/xen/vdso-use_install_special_mapping.patch]
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-3686
===================================================================
--- active/CVE-2008-3686 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3686 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-3686
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26.4), released (2.6.27)
-linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-3832
===================================================================
--- active/CVE-2008-3832 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3832 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-3832
-Description:
-References:
- http://kerneloops.org/oops.php?number=56705
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3832
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: N/A
-linux-2.6: N/A
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-3833
===================================================================
--- active/CVE-2008-3833 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3833 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-3833
-Description:
-References:
- 8c34e2d63231d4bf4852bac8521883944d770fe3
- https://bugzilla.redhat.com/show_bug.cgi?id=464450
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.19)
-linux-2.6: released (2.6.19-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/remove-SUID-when-splicing-into-an-inode.patch]
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-3911
===================================================================
--- active/CVE-2008-3911 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-3911 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,25 +0,0 @@
-Candidate: CVE-2008-3911
-Description:
- The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel
- 2.6.26.3 does not check the length of a certain buffer obtained from
- userspace, which allows local users to overflow a stack-based buffer
- and have unspecified other impact via a crafted read system call for
- the /proc/sys/sunrpc/transports file.
-References:
- http://lkml.org/lkml/2008/8/30/184
- http://lkml.org/lkml/2008/8/30/140
- http://www.openwall.com/lists/oss-security/2008/09/04/2
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26.4), released (2.6.27)
-linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4210
===================================================================
--- active/CVE-2008-4210 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-4210 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,19 +0,0 @@
-Candidate: CVE-2008-4210
-Description:
-References:
- 7b82dc0e64e93f430182f36b46b79fcee87d3532
- http://bugzilla.kernel.org/show_bug.cgi?id=8420
- https://bugzilla.redhat.com/show_bug.cgi?id=463661
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.22)
-linux-2.6: N/A
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/lockless-helpers-for-remove_suid.patch, bugfix/open-allows-sgid-in-sgid-directory.patch]
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4302
===================================================================
--- active/CVE-2008-4302 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-4302 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,16 +0,0 @@
-Candidate: CVE-2008-4302
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.23)
-linux-2.6: released (2.6.23-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/splice-fix-bad-unlock_page-in-error-case.patch]
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4307
===================================================================
--- active/CVE-2008-4307 2009-10-19 17:21:08 UTC (rev 1521)
+++ active/CVE-2008-4307 2009-10-19 17:24:38 UTC (rev 1522)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-4307
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4307
- c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26-rc1)
-linux-2.6: released (2.6.26-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch]
-2.6.26-lenny-security: released (2.6.26-1)
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Copied: retired/CVE-2008-3525 (from rev 1520, active/CVE-2008-3525)
===================================================================
--- retired/CVE-2008-3525 (rev 0)
+++ retired/CVE-2008-3525 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-3525
+Description:
+References:
+ f2455eb176ac87081bbfc9a44b21c7cd2bc1967e
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27)
+linux-2.6: released (2.6.26-7) [bugfix/wan-sbni_ioctl-cap-checks.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/wan-sbni_ioctl-cap-checks.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.6) [bugfix/wan-sbni_ioctl-cap-checks.patch]
+2.6.26-lenny-security: released (2.6.26-7) [bugfix/wan-sbni_ioctl-cap-checks.patch]
+2.6.15-dapper-security: released (2.6.15-52.73)
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: released (2.6.22-15.59)
+2.6.24-hardy-security: released (2.6.24-21.43)
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-3526 (from rev 1516, active/CVE-2008-3526)
===================================================================
--- retired/CVE-2008-3526 (rev 0)
+++ retired/CVE-2008-3526 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-3526
+Description:
+References:
+ http://permalink.gmane.org/gmane.comp.security.oss.general/861
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27-rc5) [30c2235]
+linux-2.6: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
+2.6.18-etch-security: N/A "code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.5) [bugfix/sctp-auth-key-length-check.patch]
+2.6.26-lenny-security: released (2.6.26-4) [bugfix/sctp-auth-key-length-check.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: released (2.6.24-21.43)
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-3527 (from rev 1521, active/CVE-2008-3527)
===================================================================
--- retired/CVE-2008-3527 (rev 0)
+++ retired/CVE-2008-3527 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-3527
+Description:
+References:
+ http://rhn.redhat.com/errata/RHSA-2008-0957.html
+Ubuntu-Description:
+Notes:
+ dannf> Tavis Ormandy is credited w/ reporting this in the RHSA
+Bugs:
+upstream: released (2.6.21)
+linux-2.6: release (2.6.21-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/add-install_special_mapping.patch, bugfix/i386-vdso-use_install_special_mapping.patch, bugfix/x86_64-ia32-vDSO-use-install_special_mapping.patch, features/all/xen/vdso-use_install_special_mapping.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-3686 (from rev 1516, active/CVE-2008-3686)
===================================================================
--- retired/CVE-2008-3686 (rev 0)
+++ retired/CVE-2008-3686 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-3686
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.4), released (2.6.27)
+linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-3832 (from rev 1516, active/CVE-2008-3832)
===================================================================
--- retired/CVE-2008-3832 (rev 0)
+++ retired/CVE-2008-3832 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-3832
+Description:
+References:
+ http://kerneloops.org/oops.php?number=56705
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3832
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-3833 (from rev 1516, active/CVE-2008-3833)
===================================================================
--- retired/CVE-2008-3833 (rev 0)
+++ retired/CVE-2008-3833 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-3833
+Description:
+References:
+ 8c34e2d63231d4bf4852bac8521883944d770fe3
+ https://bugzilla.redhat.com/show_bug.cgi?id=464450
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.19)
+linux-2.6: released (2.6.19-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/remove-SUID-when-splicing-into-an-inode.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-3911 (from rev 1516, active/CVE-2008-3911)
===================================================================
--- retired/CVE-2008-3911 (rev 0)
+++ retired/CVE-2008-3911 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-3911
+Description:
+ The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel
+ 2.6.26.3 does not check the length of a certain buffer obtained from
+ userspace, which allows local users to overflow a stack-based buffer
+ and have unspecified other impact via a crafted read system call for
+ the /proc/sys/sunrpc/transports file.
+References:
+ http://lkml.org/lkml/2008/8/30/184
+ http://lkml.org/lkml/2008/8/30/140
+ http://www.openwall.com/lists/oss-security/2008/09/04/2
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.4), released (2.6.27)
+linux-2.6: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-5) [bugfix/all/stable/2.6.26.4.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4210 (from rev 1516, active/CVE-2008-4210)
===================================================================
--- retired/CVE-2008-4210 (rev 0)
+++ retired/CVE-2008-4210 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,19 @@
+Candidate: CVE-2008-4210
+Description:
+References:
+ 7b82dc0e64e93f430182f36b46b79fcee87d3532
+ http://bugzilla.kernel.org/show_bug.cgi?id=8420
+ https://bugzilla.redhat.com/show_bug.cgi?id=463661
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.22)
+linux-2.6: N/A
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/lockless-helpers-for-remove_suid.patch, bugfix/open-allows-sgid-in-sgid-directory.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4302 (from rev 1516, active/CVE-2008-4302)
===================================================================
--- retired/CVE-2008-4302 (rev 0)
+++ retired/CVE-2008-4302 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,16 @@
+Candidate: CVE-2008-4302
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.23)
+linux-2.6: released (2.6.23-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-22etch3) [bugfix/splice-fix-bad-unlock_page-in-error-case.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4307 (from rev 1516, active/CVE-2008-4307)
===================================================================
--- retired/CVE-2008-4307 (rev 0)
+++ retired/CVE-2008-4307 2009-10-19 17:24:38 UTC (rev 1522)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-4307
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4307
+ c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26-rc1)
+linux-2.6: released (2.6.26-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch]
+2.6.26-lenny-security: released (2.6.26-1)
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
More information about the kernel-sec-discuss
mailing list