[kernel-sec-discuss] r1530 - / active retired
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Oct 20 21:46:22 UTC 2009
Author: jmm
Date: 2009-10-20 21:46:22 +0000 (Tue, 20 Oct 2009)
New Revision: 1530
Added:
CVE-2009-0834
CVE-2009-1336
retired/CVE-2008-4410
retired/CVE-2008-4554
retired/CVE-2008-4576
retired/CVE-2008-4618
retired/CVE-2008-4933
retired/CVE-2008-4934
retired/CVE-2008-5025
retired/CVE-2008-5029
retired/CVE-2008-5033
retired/CVE-2008-5079
retired/CVE-2008-5182
retired/CVE-2008-5395
retired/CVE-2008-5700
retired/CVE-2008-5701
retired/CVE-2008-5702
retired/CVE-2008-5713
retired/CVE-2008-6107
retired/CVE-2009-0024
retired/CVE-2009-0028
retired/CVE-2009-0029
retired/CVE-2009-0031
retired/CVE-2009-0065
retired/CVE-2009-0269
retired/CVE-2009-0322
retired/CVE-2009-0675
retired/CVE-2009-0676
retired/CVE-2009-0745
retired/CVE-2009-0746
retired/CVE-2009-0747
retired/CVE-2009-0748
retired/CVE-2009-0778
retired/CVE-2009-0787
retired/CVE-2009-0835
retired/CVE-2009-0859
retired/CVE-2009-0935
retired/CVE-2009-1046
retired/CVE-2009-1184
retired/CVE-2009-1192
retired/CVE-2009-1242
retired/CVE-2009-1243
retired/CVE-2009-1265
retired/CVE-2009-1337
Removed:
active/CVE-2008-4410
active/CVE-2008-4554
active/CVE-2008-4576
active/CVE-2008-4618
active/CVE-2008-4933
active/CVE-2008-4934
active/CVE-2008-5025
active/CVE-2008-5029
active/CVE-2008-5033
active/CVE-2008-5079
active/CVE-2008-5182
active/CVE-2008-5395
active/CVE-2008-5700
active/CVE-2008-5701
active/CVE-2008-5702
active/CVE-2008-5713
active/CVE-2008-6107
active/CVE-2009-0024
active/CVE-2009-0028
active/CVE-2009-0029
active/CVE-2009-0031
active/CVE-2009-0065
active/CVE-2009-0269
active/CVE-2009-0322
active/CVE-2009-0675
active/CVE-2009-0676
active/CVE-2009-0745
active/CVE-2009-0746
active/CVE-2009-0747
active/CVE-2009-0748
active/CVE-2009-0778
active/CVE-2009-0787
active/CVE-2009-0834
active/CVE-2009-0835
active/CVE-2009-0859
active/CVE-2009-0935
active/CVE-2009-1046
active/CVE-2009-1184
active/CVE-2009-1192
active/CVE-2009-1242
active/CVE-2009-1243
active/CVE-2009-1265
active/CVE-2009-1336
active/CVE-2009-1337
Log:
retire more issues
Copied: CVE-2009-0834 (from rev 1529, active/CVE-2009-0834)
===================================================================
--- CVE-2009-0834 (rev 0)
+++ CVE-2009-0834 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,26 @@
+Candidate: CVE-2009-0834
+Description:
+ The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier
+ on the x86_64 platform does not properly handle (1) a 32-bit process making
+ a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
+ allows local users to bypass certain syscall audit configurations via
+ crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
+References:
+ http://marc.info/?l=linux-kernel&m=123579056530191&w=2
+ http://marc.info/?l=linux-kernel&m=123579065130246&w=2
+ http://marc.info/?l=oss-security&m=123597642832637&w=2
+ http://scary.beasts.org/security/CESA-2009-001.html
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c
+ https://bugzilla.redhat.com/show_bug.cgi?id=487990
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27.20, 2.6.28.8, 2.6.29-rc7)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: CVE-2009-1336 (from rev 1529, active/CVE-2009-1336)
===================================================================
--- CVE-2009-1336 (rev 0)
+++ CVE-2009-1336 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-1336
+Description:
+References:
+ http://git.kernel.org/linus/54af3bb543c071769141387a42deaaab5074da55
+ https://bugzilla.redhat.com/show_bug.cgi?id=494074
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.23-1)
+linux-2.6: released (2.6.23-rc9)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/nfs-fix-oops-in-encode_lookup.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Deleted: active/CVE-2008-4410
===================================================================
--- active/CVE-2008-4410 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4410 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4410
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=de59985e3a623d4d5d6207f1777398ca0606ab1c
- http://www.openwall.com/lists/oss-security/2008/10/03/3
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27)
-linux-2.6: released (2.6.26-8) [bugfix/x86-fix-broken-LDT-access-in-VMI.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-8) [bugfix/x86-fix-broken-LDT-access-in-VMI.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: N/A
-2.6.22-gutsy-security: N/A
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4554
===================================================================
--- active/CVE-2008-4554 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4554 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4554
-Description:
-References:
- http://www.openwall.com/lists/oss-security/2008/10/13/1
- efc968d450e013049a662d22727cf132618dcb2f
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27)
-linux-2.6: released (2.6.26-9) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
-2.6.26-lenny-security: released (2.6.26-9) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
-2.6.15-dapper-security: N/A
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: N/A
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4576
===================================================================
--- active/CVE-2008-4576 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4576 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4576
-Description:
-References:
- http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last
- add52379dde2e5300e2d574b172e62c6cf43b3d3
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27)
-linux-2.6: released (2.6.26-9) [bugfix/all/stable/2.6.26.6.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
-2.6.26-lenny-security: released (2.6.26-9) [bugfix/all/stable/2.6.26.6.patch]
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4618
===================================================================
--- active/CVE-2008-4618 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4618 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-4618
-Description:
- ba0166708ef4da7eeb61dd92bbba4d5a749d6561
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27)
-linux-2.6: released (2.6.26-10) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
-2.6.18-etch-security: N/A "vulnerable code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
-2.6.26-lenny-security: released (2.6.26-10) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: N/A
Deleted: active/CVE-2008-4933
===================================================================
--- active/CVE-2008-4933 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4933 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4933
-Description:
-References:
- http://www.openwall.com/lists/oss-security/2008/11/03/2
- efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: needed
Deleted: active/CVE-2008-4934
===================================================================
--- active/CVE-2008-4934 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-4934 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-4934
-Description:
-References:
- http://www.openwall.com/lists/oss-security/2008/11/03/2
- 649f1ee6c705aab644035a7998d7b574193a598a
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-check_read_mapping_page-return-value.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfsplus-check_read_mapping_page-return-value.patch]
-2.6.15-dapper-security: needed
-2.6.20-feisty-security: ignored (EOL)
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: needed
Deleted: active/CVE-2008-5025
===================================================================
--- active/CVE-2008-5025 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5025 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-5025
-Description:
-References:
- http://www.openwall.com/lists/oss-security/2008/11/10/3
- d38b7aa
-Ubuntu-Description:
-Notes:
- jmm> efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-11) [bugfix/all/hfs-fix-namelength-memory-corruption.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfs-fix-namelength-memory-corruption.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfs-fix-namelength-memory-corruption.patch]
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfs-fix-namelength-memory-corruption.patch]
-2.6.15-dapper-security: needed
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: needed
Deleted: active/CVE-2008-5029
===================================================================
--- active/CVE-2008-5029 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5029 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,24 +0,0 @@
-Candidate: CVE-2008-5029
-Description:
- The __scm_destroy function in net/core/scm.c in the Linux kernel
- 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself
- through calls to the fput function, which allows local users to cause
- a denial of service (panic) via vectors related to sending an
- SCM_RIGHTS message through a UNIX domain socket and closing file
- descriptors.
-References:
- http://marc.info/?l=linux-netdev&m=122593044330973&w=2
- http://www.openwall.com/lists/oss-security/2008/11/06/1
- https://bugzilla.redhat.com/show_bug.cgi?id=470201
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.26.8)
-linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch]
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
-2.6.15-dapper-security: needed
-2.6.22-gutsy-security: needed
-2.6.24-hardy-security: needed
-2.6.27-intrepid-security: needed
Deleted: active/CVE-2008-5033
===================================================================
--- active/CVE-2008-5033 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5033 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,17 +0,0 @@
-Candidate: CVE-2008-5033
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5033
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-11) [bugfix/all/tvaudio-treble-bass-control-oops.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/tvaudio-treble-bass-control-oops.patch]
-2.6.15-dapper-security:
-2.6.20-feisty-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
Deleted: active/CVE-2008-5079
===================================================================
--- active/CVE-2008-5079 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5079 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2008-5079
-Description:
-References:
- http://marc.info/?l=linux-netdev&m=122841256115780&w=2
- http://marc.info/?l=linux-netdev&m=122843162615569&w=2
-Ubuntu-Description:
-Notes:
- jmm> 17b24b3c97498935a2ef9777370b1151dfed3f6f
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-12) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
-2.6.26-lenny-security: released (2.6.26-12) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5182
===================================================================
--- active/CVE-2008-5182 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5182 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,15 +0,0 @@
-Candidate: CVE-2008-5182
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28-rc5)
-linux-2.6: released (2.6.26-12) [bugfix/all/inotify-watch-removal-umount-races.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/inotify-watch-removal-umount-races.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/inotify-watch-removal-umount-races.patch]
-2.6.26-lenny-security: released (2.6.26-12) [bugfix/all/inotify-watch-removal-umount-races.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5395
===================================================================
--- active/CVE-2008-5395 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5395 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,19 +0,0 @@
-Candidate: CVE-2008-5395
-Description:
- The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux
- kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of
- service (system crash) via vectors associated with an attempt to unwind a
- stack that contains userspace addresses.
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-13) [bugfix/parisc/userspace-unwind-crash.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/hppa/userspace-unwind-crash.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/hppa/userspace-unwind-crash.patch]
-2.6.26-lenny-security: released (2.6.26-13) [bugfix/parisc/userspace-unwind-crash.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5700
===================================================================
--- active/CVE-2008-5700 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5700 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,21 +0,0 @@
-Candidate: CVE-2008-5700
-Description:
- libata in the Linux kernel before 2.6.27.9 does not set minimum
- timeouts for SG_IO requests, which allows local usersto cause a
- deniale (Programmed I/O mode on drives) via multiple simultaneous
- invocations of an unspecified test program.
-References:
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=f2f1fa78a155524b849edf359e42a3001ea652c0
- https://bugzilla.redhat.com/show_bug.cgi?id=474495
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27.9)
-linux-2.6: released (2.6.26-13) [bugfix/enforce-minimum-SG_IO-timeout.patch]
-2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/enforce-minimum-SG_IO-timeout.patch]
-2.6.26-lenny-security: released (2.6.26-13) [bugfix/enforce-minimum-SG_IO-timeout.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5701
===================================================================
--- active/CVE-2008-5701 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5701 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,22 +0,0 @@
-Candidate: CVE-2008-5701
-Description:
- Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel
- before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a
- denial of service (system crash) via an o32 syscall with a small syscall
- number, which leads to an attempted read operation outside the bounds of
- the syscall table.
-References:
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=e807f9574e37a3f202e677feaaad1b7c5d2c0db8
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28)
-linux-2.6: released (2.6.26-13) [bugfix/mips/fix-potential-dos.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/mips/fix-potential-dos.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/mips/fix-potential-dos.patch]
-2.6.26-lenny-security: released (2.6.26-13) [bugfix/mips/fix-potential-dos.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5702
===================================================================
--- active/CVE-2008-5702 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5702 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,27 +0,0 @@
-Candidate: CVE-2008-5702
-Description:
- Buffer underflow in the ibwdt_ioctl function in
- drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1
- might allow local users to have an unknown impact via a certain
- /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
-References:
- http://lkml.org/lkml/2008/10/5/173
- http://openwall.com/lists/oss-security/2008/12/10/2
- http://openwall.com/lists/oss-security/2008/12/17/6
- http://openwall.com/lists/oss-security/2008/12/17/9
- http://openwall.com/lists/oss-security/2008/12/17/20
- http://bugzilla.kernel.org/show_bug.cgi?id=11399
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff
-Ubuntu-Description:
-Notes:
- dannf> Not an issue for Debian by default due to /dev/watchdog perms
-Bugs:
-upstream: released (2.6.27.9, 2.6.28-rc1) [7c2500f17d65092d93345f3996cf82ebca17e9ff]
-linux-2.6: released (2.6.26-13) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
-2.6.26-lenny-security: released (2.6.26-13) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-5713
===================================================================
--- active/CVE-2008-5713 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-5713 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,25 +0,0 @@
-Candidate: CVE-2008-5713
-Description:
- The __qdisc_run function in net/sched/sch_generic.c in the Linux
- kernel before 2.6.25 on SMP machines allows local users to cause a
- denial of service (soft lockup) by sending a large amount of network
- traffic, as demonstrated by multiple simultaneous invocations of the
- Netperf benchmark application in UDP_STREAM mode.
-References:
- http://openwall.com/lists/oss-security/2008/12/23/1
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
- https://bugzilla.redhat.com/show_bug.cgi?id=477744
- https://bugzilla.redhat.com/attachment.cgi?id=327745
- http://www.securityfocus.com/bid/32985
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.24.5, 2.6.25-rc9) [2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0]
-linux-2.6: released (2.6.25-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/net-add-preempt-point-in-qdisc_run.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.1) [bugfix/all/stable/2.6.24.5.patch]
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2008-6107
===================================================================
--- active/CVE-2008-6107 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2008-6107 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,25 +0,0 @@
-Candidate: CVE-2008-6107
-Description:
- The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the
- (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the
- (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in
- the Linux kernel before 2.6.25.4, omit some virtual-address range (aka
- span) checks when the mremap MREMAP_FIXED bit is not set, which allows
- local users to cause a denial of service (panic) via unspecified mremap
- calls, a related issue to CVE-2008-2137.
-References:
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4
- http://marc.info/?l=linux-kernel&m=121071103304610&w=2
- 94d149c34cda933ff5096aca94bb23bf68602f4e
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.25.4, 2.6.26)
-linux-2.6: released (2.6.25-4)
-2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0024
===================================================================
--- active/CVE-2009-0024 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0024 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-0024
-Description:
-References:
-Ubuntu-Description:
-Notes:
- Introduced in 2.6.23
-Bugs:
-upstream: released (2.6.24.1)
-linux-2.6: released (2.6.24-4)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.24-4)
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0028
===================================================================
--- active/CVE-2009-0028 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0028 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,24 +0,0 @@
-Candidate: CVE-2009-0028
-Description:
- The clone system call in the Linux kernel 2.6.28 and earlier allows local
- users to send arbitrary signals to a parent process from an unprivileged
- child process by launching an additional child process with the CLONE_PARENT
- flag, and then letting this new process exit.
-References:
- http://scary.beasts.org/security/CESA-2009-002.html
- http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html
- https://bugzilla.redhat.com/show_bug.cgi?id=479932
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
- 2d5516cbb9d
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.29-rc8)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0029
===================================================================
--- active/CVE-2009-0029 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0029 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-0029
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.29) "needs regression fix d6c178e9694e7e0c7ffe0289cf4389a498cac735, which came after 2.6.29"
-linux-2.6: released (2.6.29-1) "d6c178e9694e7e0c7ffe0289cf4389a498cac735 is queued for 2.6.29-2"
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004pre2-unify-sys_pipe.patch, bugfix/all/CVE-2009-0029/0004pre3-kill-redundant-sys_pipe-protos.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038pre2-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044pre1-system-call-cleanup.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0091-avoid-abi-change.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/compat-zero-upper-32bits-of-offset_high-and-offset_low.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/drop-sys_write-sys_lseek-exports.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe-2.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004pre2-unify-sys_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch, bugfix/all/CVE-2009-0029/compat-zero-upper-32bits-of-offset_high-and-offset_low.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch bugfix/mips/fix-llseek-sign-extend-issue.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0031
===================================================================
--- active/CVE-2009-0031 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0031 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-0031
-Description:
-References:
- 0d54ee1c7850a954026deec4cd4885f331da35cc
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.29-rc3)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/security-keyctl-missing-kfree.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/security-keyctl-missing-kfree.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/security-keyctl-missing-kfree.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0065
===================================================================
--- active/CVE-2009-0065 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0065 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-0065
-Description:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
- http://patchwork.ozlabs.org/patch/15024/
- https://bugzilla.redhat.com/show_bug.cgi?id=478800
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.29-rc1)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/sctp-avoid-memory-overflow.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/sctp-avoid-memory-overflow.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/sctp-avoid-memory-overflow.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0269
===================================================================
--- active/CVE-2009-0269 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0269 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-0269
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4
-Ubuntu-Description:
-Notes:
- encryptfs was merged in 2.6.19
-Bugs:
-upstream: released (2.6.29-rc1)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/ecryptfs-check-readlink-result-before-use.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/ecryptfs-check-readlink-result-before-use.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0322
===================================================================
--- active/CVE-2009-0322 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0322 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-0322
-Description:
-References:
-Ubuntu-Description:
-Notes:
- 81156928f8fe31621e467490b9d441c0285998c3
-Bugs:
-upstream: released (2.6.27.13, 2.6.28.2, 2.6.29-rc3)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0675
===================================================================
--- active/CVE-2009-0675 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0675 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,29 +0,0 @@
-Candidate: CVE-2009-0675
-Description:
- The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux
- kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when
- the CAP_NET_ADMIN capability is absent, instead of when this
- capability is present, which allows local users to reset the
- driver statistics, related to an "inverted logic" issue.
-References:
- URL:http://lists.openwall.net/netdev/2009/01/28/90
- MLIST:[oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw
- URL:http://openwall.com/lists/oss-security/2009/02/20/2
- CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
- CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486534
- SECUNIA:33938
- URL:http://secunia.com/advisories/33938
-Ubuntu-Description:
-Notes:
- jmm> Well, that's not exactly earth-shattering...
-Bugs:
-upstream: released (2.6.28.6, 2.6.29-rc4)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0676
===================================================================
--- active/CVE-2009-0676 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0676 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,27 +0,0 @@
-Candidate: CVE-2009-0676
-Description:
- The sock_getsockopt function in net/core/sock.c in the Linux kernel
- before 2.6.28.6 does not initialize a certain structure member, which
- allows local users to obtain potentially sensitive information from
- kernel memory via an SO_BSDCOMPAT getsockopt request.
-References:
- MLIST:[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
- URL:http://lkml.org/lkml/2009/2/12/123
- MLIST:[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt
- URL:http://openwall.com/lists/oss-security/2009/02/20/1
- CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da
- CONFIRM:http://patchwork.kernel.org/patch/6816/
- CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
- CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486305
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28.6, 2.6.29-rc5)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0745
===================================================================
--- active/CVE-2009-0745 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0745 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,31 +0,0 @@
-Candidate: CVE-2009-0745
-Description:
- The ext4_group_add function in fs/ext4/resize.c in the Linux
- kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does
- not properly initialize the group descriptor during a resize
- (aka resize2fs) operation, which might allow local users to
- cause a denial of service (OOPS) by arranging for crafted
- values to be present in available memory.
-References:
- http://bugzilla.kernel.org/show_bug.cgi?id=12433
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
-Ubuntu-Description:
-Notes:
- jmm> ext4 is marked as experimental and the vulnerability fairly
- jmm> obscure, I don't think we should spend energy on this. Dann,
- jmm> if you don't object I'll mark this as "unimportant" in the
- jmm> security tracker
- dannf> Yeah, certainly unimportant, but I'll apply anyway since it
- dannf> applies trivially
-Bugs:
-upstream: released (2.6.28.7, 2.6.29-rc4)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0746
===================================================================
--- active/CVE-2009-0746 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0746 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,27 +0,0 @@
-Candidate: CVE-2009-0746
-Description:
- The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel
- 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
- a certain rec_len field, which allows local users to cause a denial
- of service (OOPS) by attempting to mount a crafted ext4 filesystem.
-References:
- http://bugzilla.kernel.org/show_bug.cgi?id=12430
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
-Ubuntu-Description:
-Notes:
- jmm> ext4 is marked as experimental and the vulnerability fairly
- jmm> obscure, I don't think we should spend energy on this. Dann,
- jmm> if you don't object I'll mark this as "unimportant" in the
- jmm> security tracker
-Bugs:
-upstream: released (2.6.28.7, 2.6.29-rc4)
-linux-2.6: released (2.6.28-1) [bugfix/all/stable/2.6.28.7.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: ignored
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0747
===================================================================
--- active/CVE-2009-0747 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0747 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,29 +0,0 @@
-Candidate: CVE-2009-0747
-Description:
- The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
- 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the
- i_size_high structure member during operations on arbitrary
- types of files, which allows local users to cause a denial of
- service (CPU consumption and error-message flood) by
- attempting to mount a crafted ext4 filesystem.
-References:
- http://bugzilla.kernel.org/show_bug.cgi?id=12375
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
-Ubuntu-Description:
-Notes:
- jmm> ext4 is marked as experimental and the vulnerability fairly
- jmm> obscure, I don't think we should spend energy on this. Dann,
- jmm> if you don't object I'll mark this as "unimportant" in the
- jmm> security tracker
-Bugs:
-upstream: released (2.6.28.7, 2.6.29-rc4)
-linux-2.6: released (2.6.28-2) [bugfix/all/stable/2.6.28.7.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A "code not present"
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0748
===================================================================
--- active/CVE-2009-0748 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0748 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,24 +0,0 @@
-Candidate: CVE-2009-0748
-Description:
- The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
- 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
- the superblock configuration, which allows local users to cause a
- denial of service (NULL pointer dereference and OOPS) by attempting
- to mount a crafted ext4 filesystem.
-References:
-Ubuntu-Description:
-Notes:
- jmm> ext4 is marked as experimental and the vulnerability fairly
- jmm> obscure, I don't think we should spend energy on this. Dann,
- jmm> if you don't object I'll mark this as "unimportant" in the
- jmm> security tracker
-Bugs:
-upstream: released (2.6.28.7, 2.6.29-rc1))
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port"
-2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0778
===================================================================
--- active/CVE-2009-0778 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0778 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-0778
-Description:
-References:
-Ubuntu-Description:
-Notes:
- dannf> Was introduced after 2.6.24 and fixed before 2.6.25
-Bugs:
-upstream: N/A
-linux-2.6: N/A
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0787
===================================================================
--- active/CVE-2009-0787 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0787 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,23 +0,0 @@
-Candidate: CVE-2009-0787
-Description:
- The ecryptfs_write_metadata_to_contents function in the eCryptfs
- functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an
- incorrect size when writing kernel memory to an eCryptfs file
- header, which triggers an out-of-bounds read and allows local
- local users to obtain portions of kernel memory.
-References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
-Ubuntu-Description:
-Notes:
- dannf> Supposedly only affects 2.6.28
-Bugs:
-upstream: released (2.6.28.9, 2.6.29)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0834
===================================================================
--- active/CVE-2009-0834 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0834 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,26 +0,0 @@
-Candidate: CVE-2009-0834
-Description:
- The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier
- on the x86_64 platform does not properly handle (1) a 32-bit process making
- a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
- allows local users to bypass certain syscall audit configurations via
- crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
-References:
- http://marc.info/?l=linux-kernel&m=123579056530191&w=2
- http://marc.info/?l=linux-kernel&m=123579065130246&w=2
- http://marc.info/?l=oss-security&m=123597642832637&w=2
- http://scary.beasts.org/security/CESA-2009-001.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c
- https://bugzilla.redhat.com/show_bug.cgi?id=487990
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.27.20, 2.6.28.8, 2.6.29-rc7)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/syscall-audit-fix-32+64-syscall-hole.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0835
===================================================================
--- active/CVE-2009-0835 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0835 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,34 +0,0 @@
-Candidate: CVE-2009-0835
-Description:
- The __secure_computing function in kernel/seccomp.c in the seccomp subsystem
- in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when
- CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process
- making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
- allows local users to bypass intended access restrictions via crafted syscalls
- that are misinterpreted as (a) stat or (b) chmod, a related issue to
- CVE-2009-0342 and CVE-2009-0343.
-References:
- http://marc.info/?l=linux-kernel&m=123579056530191&w=2
- http://marc.info/?l=linux-kernel&m=123579069630311&w=2
- http://marc.info/?l=oss-security&m=123597627132485&w=2
- http://lkml.org/lkml/2009/2/28/23
- http://scary.beasts.org/security/CESA-2009-001.html
- http://scary.beasts.org/security/CESA-2009-004.html
- http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
- https://bugzilla.redhat.com/show_bug.cgi?id=487255
-Ubuntu-Description:
-Notes:
- jmm> CONFIG_SECCOMP has only been enabled in 2.6.26. Since it's ultra-obscure
- jmm> and mostly unused anyway, we can likely mark in N/A for 2.6.18 and 2.6.24
- jmm> Dann, what do you think?
- dannf> agreed
-Bugs:
-upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0859
===================================================================
--- active/CVE-2009-0859 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0859 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,31 +0,0 @@
-Candidate: CVE-2009-0859
-Description:
- The shm_get_stat function in ipc/shm.c in the shm subsystem
- in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is
- disabled, misinterprets the data type of an inode, which allows
- local users to cause a denial of service (system hang) via
- an SHM_INFO shmctl call, as demonstrated by running the ipcs
- program.
-References:
- http://marc.info/?l=git-commits-head&m=123387479500599&w=2
- http://marc.info/?l=linux-kernel&m=120428209704324&w=2
- http://marc.info/?l=linux-kernel&m=123309645625549&w=2
- http://openwall.com/lists/oss-security/2009/03/06/1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a68e61e8ff2d46327a37b69056998b47745db6fa
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
- http://patchwork.kernel.org/patch/6554/
-Ubuntu-Description:
-Notes:
- jmm> All Debian kernels set CONFIG_SHMEM, so this is moot except
- jmm> for locally modified configs and even for that I fail to
- jmm> see why anyone would run a kernel w/o CONFIG_SHMEM?
-Bugs:
-upstream: released (2.6.29-rc4)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-0935
===================================================================
--- active/CVE-2009-0935 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-0935 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,24 +0,0 @@
-Candidate: CVE-2009-0935
-Description:
- The inotify_read function in the Linux kernel 2.6 before 2.6.29-rc3
- allows local users to cause a denial of service (OOPS) via a read
- with an invalid address to an inotify instance, which causes the
- device's event list mutex to be unlocked twice and prevents proper
- synchronization of a data structure for the inotify instance.
-References:
- http://marc.info/?l=linux-kernel&m=123337123501681&w=2
- http://www.openwall.com/lists/oss-security/2009/03/06/2
- https://bugzilla.redhat.com/show_bug.cgi?id=488935
-Ubuntu-Description:
-Notes:
- jmm> Issue was introduced in 2.6.27-rc9
-Bugs:
-upstream: released (2.6.30)
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1046
===================================================================
--- active/CVE-2009-1046 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1046 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,28 +0,0 @@
-Candidate: CVE-2009-1046
-Description:
- The console selection feature in the Linux kernel 2.6.28 before
- 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8
- console is used, allows physically proximate attackers to cause
- a denial of service (memory corruption) by selecting a small
- number of 3-byte UTF-8 characters, which triggers an "an
- off-by-two memory error." NOTE: it is not clear whether this issue
- crosses privilege boundaries.
-References:
- http://lists.openwall.net/linux-kernel/2009/01/30/333
- http://lists.openwall.net/linux-kernel/2009/02/02/364
- http://www.openwall.com/lists/oss-security/2009/02/12/10
- http://www.openwall.com/lists/oss-security/2009/02/12/11
- http://www.openwall.com/lists/oss-security/2009/02/12/9
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.28.4, 2.5.29-rc4)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A "Appears to have been introduced by 759448f in 2.6.23-rc1"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1184
===================================================================
--- active/CVE-2009-1184 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1184 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-1184
-Description:
-References:
-Ubuntu-Description:
-Notes:
- dannf> Code was removed before 2.6.30, so no fix went into
- dannf> Linus' tree. Issue was introduced upstream in
- dannf> 2.6.25-rc1
-Bugs:
-upstream: N/A
-linux-2.6: released (2.6.29-5)
-2.6.18-etch-security: N/A "Code not present
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1192
===================================================================
--- active/CVE-2009-1192 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1192 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,20 +0,0 @@
-Candidate: CVE-2009-1192
-Description:
- "AGP pages might be mapped into userspace finally, so the pages should
- be set to zero before userspace can use it. Otherwise there is potential
- information leakage."
-References:
- http://git.kernel.org/linus/59de2bebabc5027f93df999d59cc65df591c3e6e
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1192
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30)
-linux-2.6: released (2.6.29-4) [bugfix/all/stable/2.6.29.2.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1242
===================================================================
--- active/CVE-2009-1242 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1242 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,28 +0,0 @@
-Candidate: CVE-2009-1242
-Description:
- The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX
- implementation in the KVM subsystem in the Linux kernel before
- 2.6.29.1 on the i386 platform allows guest OS users to cause a
- denial of service (OOPS) by setting the EFER_LME (aka "Long mode
- enable") bit in the Extended Feature Enable Register (EFER)
- model-specific register, which is specific to the x86_64 platform.
-References:
- http://openwall.com/lists/oss-security/2009/04/01/3
- http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585
- http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20090402,8311
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16175a796d061833aacfbd9672235f2d2725df65
- http://patchwork.kernel.org/patch/15549/
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
- http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.29.1) [16175a796d061833aacfbd9672235f2d2725df65]
-linux-2.6: released (2.6.29-2)
-2.6.18-etch-security: N/A "no KVM"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/kvm-vmx-inhibit-EFER-access.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/x86/kvm-vmx-inhibit-EFER-access.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1243
===================================================================
--- active/CVE-2009-1243 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1243 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,24 +0,0 @@
-Candidate: CVE-2009-1243
-Description:
- net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking
- step in certain incorrect circumstances, which allows local users to cause
- a denial of service (panic) by reading zero bytes from the /proc/net/udp
- file and unspecified other files, related to the "udp seq_file infrastructure."
-References:
- http://openwall.com/lists/oss-security/2009/04/01/4
- http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-net-udp-8586
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30842f2989aacfaba3ccb39829b3417be9313dbe
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
-Ubuntu-Description:
-Notes:645ca708
- jmm> Introduced in 645ca708, so only affects >= 2.6.28
-Bugs:
-upstream: released (2.6.29.1)
-linux-2.6: released (2.6.29-2)
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1265
===================================================================
--- active/CVE-2009-1265 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1265 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-1265
-Description: af_rose/x25: Sanity check the maximum user frame size
-References:
- 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc1) [83e0bbcbe2145f160fbaa109b0439dae7f4a38a9]
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1336
===================================================================
--- active/CVE-2009-1336 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1336 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-1336
-Description:
-References:
- http://git.kernel.org/linus/54af3bb543c071769141387a42deaaab5074da55
- https://bugzilla.redhat.com/show_bug.cgi?id=494074
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.23-1)
-linux-2.6: released (2.6.23-rc9)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/nfs-fix-oops-in-encode_lookup.patch]
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Deleted: active/CVE-2009-1337
===================================================================
--- active/CVE-2009-1337 2009-10-19 22:44:54 UTC (rev 1529)
+++ active/CVE-2009-1337 2009-10-20 21:46:22 UTC (rev 1530)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-1337
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=493771
- http://git.kernel.org/linus/432870dab85a2f69dc417022646cb9a70acf7f94
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc1)
-linux-2.6: released (2.6.29-5)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
-2.6.24-etch-security: released (2.6.26-6~etchnhalf.8etch1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
Copied: retired/CVE-2008-4410 (from rev 1529, active/CVE-2008-4410)
===================================================================
--- retired/CVE-2008-4410 (rev 0)
+++ retired/CVE-2008-4410 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4410
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=de59985e3a623d4d5d6207f1777398ca0606ab1c
+ http://www.openwall.com/lists/oss-security/2008/10/03/3
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27)
+linux-2.6: released (2.6.26-8) [bugfix/x86-fix-broken-LDT-access-in-VMI.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-8) [bugfix/x86-fix-broken-LDT-access-in-VMI.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4554 (from rev 1529, active/CVE-2008-4554)
===================================================================
--- retired/CVE-2008-4554 (rev 0)
+++ retired/CVE-2008-4554 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4554
+Description:
+References:
+ http://www.openwall.com/lists/oss-security/2008/10/13/1
+ efc968d450e013049a662d22727cf132618dcb2f
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27)
+linux-2.6: released (2.6.26-9) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
+2.6.26-lenny-security: released (2.6.26-9) [bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch]
+2.6.15-dapper-security: N/A
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: N/A
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4576 (from rev 1529, active/CVE-2008-4576)
===================================================================
--- retired/CVE-2008-4576 (rev 0)
+++ retired/CVE-2008-4576 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4576
+Description:
+References:
+ http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last
+ add52379dde2e5300e2d574b172e62c6cf43b3d3
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27)
+linux-2.6: released (2.6.26-9) [bugfix/all/stable/2.6.26.6.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch]
+2.6.26-lenny-security: released (2.6.26-9) [bugfix/all/stable/2.6.26.6.patch]
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4618 (from rev 1529, active/CVE-2008-4618)
===================================================================
--- retired/CVE-2008-4618 (rev 0)
+++ retired/CVE-2008-4618 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-4618
+Description:
+ ba0166708ef4da7eeb61dd92bbba4d5a749d6561
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27)
+linux-2.6: released (2.6.26-10) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
+2.6.18-etch-security: N/A "vulnerable code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
+2.6.26-lenny-security: released (2.6.26-10) [bugfix/all/sctp-fix-kernel-panic-while-process-protocol-violation-parameter.patch]
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: N/A
Copied: retired/CVE-2008-4933 (from rev 1529, active/CVE-2008-4933)
===================================================================
--- retired/CVE-2008-4933 (rev 0)
+++ retired/CVE-2008-4933 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4933
+Description:
+References:
+ http://www.openwall.com/lists/oss-security/2008/11/03/2
+ efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch]
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: needed
Copied: retired/CVE-2008-4934 (from rev 1529, active/CVE-2008-4934)
===================================================================
--- retired/CVE-2008-4934 (rev 0)
+++ retired/CVE-2008-4934 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-4934
+Description:
+References:
+ http://www.openwall.com/lists/oss-security/2008/11/03/2
+ 649f1ee6c705aab644035a7998d7b574193a598a
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-11) [bugfix/all/hfsplus-check_read_mapping_page-return-value.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfsplus-check_read_mapping_page-return-value.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfsplus-check_read_mapping_page-return-value.patch]
+2.6.15-dapper-security: needed
+2.6.20-feisty-security: ignored (EOL)
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: needed
Copied: retired/CVE-2008-5025 (from rev 1529, active/CVE-2008-5025)
===================================================================
--- retired/CVE-2008-5025 (rev 0)
+++ retired/CVE-2008-5025 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-5025
+Description:
+References:
+ http://www.openwall.com/lists/oss-security/2008/11/10/3
+ d38b7aa
+Ubuntu-Description:
+Notes:
+ jmm> efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-11) [bugfix/all/hfs-fix-namelength-memory-corruption.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/hfs-fix-namelength-memory-corruption.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/hfs-fix-namelength-memory-corruption.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/hfs-fix-namelength-memory-corruption.patch]
+2.6.15-dapper-security: needed
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: needed
Copied: retired/CVE-2008-5029 (from rev 1529, active/CVE-2008-5029)
===================================================================
--- retired/CVE-2008-5029 (rev 0)
+++ retired/CVE-2008-5029 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,24 @@
+Candidate: CVE-2008-5029
+Description:
+ The __scm_destroy function in net/core/scm.c in the Linux kernel
+ 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself
+ through calls to the fput function, which allows local users to cause
+ a denial of service (panic) via vectors related to sending an
+ SCM_RIGHTS message through a UNIX domain socket and closing file
+ descriptors.
+References:
+ http://marc.info/?l=linux-netdev&m=122593044330973&w=2
+ http://www.openwall.com/lists/oss-security/2008/11/06/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=470201
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.8)
+linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.15-dapper-security: needed
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: needed
Copied: retired/CVE-2008-5033 (from rev 1529, active/CVE-2008-5033)
===================================================================
--- retired/CVE-2008-5033 (rev 0)
+++ retired/CVE-2008-5033 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,17 @@
+Candidate: CVE-2008-5033
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5033
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-11) [bugfix/all/tvaudio-treble-bass-control-oops.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/tvaudio-treble-bass-control-oops.patch]
+2.6.15-dapper-security:
+2.6.20-feisty-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
Copied: retired/CVE-2008-5079 (from rev 1529, active/CVE-2008-5079)
===================================================================
--- retired/CVE-2008-5079 (rev 0)
+++ retired/CVE-2008-5079 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2008-5079
+Description:
+References:
+ http://marc.info/?l=linux-netdev&m=122841256115780&w=2
+ http://marc.info/?l=linux-netdev&m=122843162615569&w=2
+Ubuntu-Description:
+Notes:
+ jmm> 17b24b3c97498935a2ef9777370b1151dfed3f6f
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-12) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
+2.6.26-lenny-security: released (2.6.26-12) [bugfix/all/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5182 (from rev 1529, active/CVE-2008-5182)
===================================================================
--- retired/CVE-2008-5182 (rev 0)
+++ retired/CVE-2008-5182 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,15 @@
+Candidate: CVE-2008-5182
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28-rc5)
+linux-2.6: released (2.6.26-12) [bugfix/all/inotify-watch-removal-umount-races.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/inotify-watch-removal-umount-races.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/all/inotify-watch-removal-umount-races.patch]
+2.6.26-lenny-security: released (2.6.26-12) [bugfix/all/inotify-watch-removal-umount-races.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5395 (from rev 1529, active/CVE-2008-5395)
===================================================================
--- retired/CVE-2008-5395 (rev 0)
+++ retired/CVE-2008-5395 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,19 @@
+Candidate: CVE-2008-5395
+Description:
+ The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux
+ kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of
+ service (system crash) via vectors associated with an attempt to unwind a
+ stack that contains userspace addresses.
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-13) [bugfix/parisc/userspace-unwind-crash.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/hppa/userspace-unwind-crash.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/hppa/userspace-unwind-crash.patch]
+2.6.26-lenny-security: released (2.6.26-13) [bugfix/parisc/userspace-unwind-crash.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5700 (from rev 1529, active/CVE-2008-5700)
===================================================================
--- retired/CVE-2008-5700 (rev 0)
+++ retired/CVE-2008-5700 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,21 @@
+Candidate: CVE-2008-5700
+Description:
+ libata in the Linux kernel before 2.6.27.9 does not set minimum
+ timeouts for SG_IO requests, which allows local usersto cause a
+ deniale (Programmed I/O mode on drives) via multiple simultaneous
+ invocations of an unspecified test program.
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=f2f1fa78a155524b849edf359e42a3001ea652c0
+ https://bugzilla.redhat.com/show_bug.cgi?id=474495
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.27.9)
+linux-2.6: released (2.6.26-13) [bugfix/enforce-minimum-SG_IO-timeout.patch]
+2.6.18-etch-security: N/A "code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/enforce-minimum-SG_IO-timeout.patch]
+2.6.26-lenny-security: released (2.6.26-13) [bugfix/enforce-minimum-SG_IO-timeout.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5701 (from rev 1529, active/CVE-2008-5701)
===================================================================
--- retired/CVE-2008-5701 (rev 0)
+++ retired/CVE-2008-5701 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,22 @@
+Candidate: CVE-2008-5701
+Description:
+ Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel
+ before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a
+ denial of service (system crash) via an o32 syscall with a small syscall
+ number, which leads to an attempted read operation outside the bounds of
+ the syscall table.
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=e807f9574e37a3f202e677feaaad1b7c5d2c0db8
+ http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28)
+linux-2.6: released (2.6.26-13) [bugfix/mips/fix-potential-dos.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/mips/fix-potential-dos.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/mips/fix-potential-dos.patch]
+2.6.26-lenny-security: released (2.6.26-13) [bugfix/mips/fix-potential-dos.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5702 (from rev 1529, active/CVE-2008-5702)
===================================================================
--- retired/CVE-2008-5702 (rev 0)
+++ retired/CVE-2008-5702 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,27 @@
+Candidate: CVE-2008-5702
+Description:
+ Buffer underflow in the ibwdt_ioctl function in
+ drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1
+ might allow local users to have an unknown impact via a certain
+ /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
+References:
+ http://lkml.org/lkml/2008/10/5/173
+ http://openwall.com/lists/oss-security/2008/12/10/2
+ http://openwall.com/lists/oss-security/2008/12/17/6
+ http://openwall.com/lists/oss-security/2008/12/17/9
+ http://openwall.com/lists/oss-security/2008/12/17/20
+ http://bugzilla.kernel.org/show_bug.cgi?id=11399
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff
+Ubuntu-Description:
+Notes:
+ dannf> Not an issue for Debian by default due to /dev/watchdog perms
+Bugs:
+upstream: released (2.6.27.9, 2.6.28-rc1) [7c2500f17d65092d93345f3996cf82ebca17e9ff]
+linux-2.6: released (2.6.26-13) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
+2.6.26-lenny-security: released (2.6.26-13) [bugfix/all/watchdog-ib700wdt-buffer_underflow.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-5713 (from rev 1529, active/CVE-2008-5713)
===================================================================
--- retired/CVE-2008-5713 (rev 0)
+++ retired/CVE-2008-5713 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-5713
+Description:
+ The __qdisc_run function in net/sched/sch_generic.c in the Linux
+ kernel before 2.6.25 on SMP machines allows local users to cause a
+ denial of service (soft lockup) by sending a large amount of network
+ traffic, as demonstrated by multiple simultaneous invocations of the
+ Netperf benchmark application in UDP_STREAM mode.
+References:
+ http://openwall.com/lists/oss-security/2008/12/23/1
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0
+ https://bugzilla.redhat.com/show_bug.cgi?id=477744
+ https://bugzilla.redhat.com/attachment.cgi?id=327745
+ http://www.securityfocus.com/bid/32985
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.24.5, 2.6.25-rc9) [2ba2506ca7ca62c56edaa334b0fe61eb5eab6ab0]
+linux-2.6: released (2.6.25-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/net-add-preempt-point-in-qdisc_run.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.1) [bugfix/all/stable/2.6.24.5.patch]
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2008-6107 (from rev 1529, active/CVE-2008-6107)
===================================================================
--- retired/CVE-2008-6107 (rev 0)
+++ retired/CVE-2008-6107 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-6107
+Description:
+ The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the
+ (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the
+ (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in
+ the Linux kernel before 2.6.25.4, omit some virtual-address range (aka
+ span) checks when the mremap MREMAP_FIXED bit is not set, which allows
+ local users to cause a denial of service (panic) via unspecified mremap
+ calls, a related issue to CVE-2008-2137.
+References:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4
+ http://marc.info/?l=linux-kernel&m=121071103304610&w=2
+ 94d149c34cda933ff5096aca94bb23bf68602f4e
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.25.4, 2.6.26)
+linux-2.6: released (2.6.25-4)
+2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0024 (from rev 1529, active/CVE-2009-0024)
===================================================================
--- retired/CVE-2009-0024 (rev 0)
+++ retired/CVE-2009-0024 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-0024
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ Introduced in 2.6.23
+Bugs:
+upstream: released (2.6.24.1)
+linux-2.6: released (2.6.24-4)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.24-4)
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0028 (from rev 1529, active/CVE-2009-0028)
===================================================================
--- retired/CVE-2009-0028 (rev 0)
+++ retired/CVE-2009-0028 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,24 @@
+Candidate: CVE-2009-0028
+Description:
+ The clone system call in the Linux kernel 2.6.28 and earlier allows local
+ users to send arbitrary signals to a parent process from an unprivileged
+ child process by launching an additional child process with the CLONE_PARENT
+ flag, and then letting this new process exit.
+References:
+ http://scary.beasts.org/security/CESA-2009-002.html
+ http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=479932
+ http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
+ 2d5516cbb9d
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.29-rc8)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0029 (from rev 1529, active/CVE-2009-0029)
===================================================================
--- retired/CVE-2009-0029 (rev 0)
+++ retired/CVE-2009-0029 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-0029
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.29) "needs regression fix d6c178e9694e7e0c7ffe0289cf4389a498cac735, which came after 2.6.29"
+linux-2.6: released (2.6.29-1) "d6c178e9694e7e0c7ffe0289cf4389a498cac735 is queued for 2.6.29-2"
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004pre2-unify-sys_pipe.patch, bugfix/all/CVE-2009-0029/0004pre3-kill-redundant-sys_pipe-protos.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038pre2-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044pre1-system-call-cleanup.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0091-avoid-abi-change.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/compat-zero-upper-32bits-of-offset_high-and-offset_low.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/drop-sys_write-sys_lseek-exports.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe-2.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004pre2-unify-sys_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007pre1-create-arch-kconfig.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch, bugfix/all/CVE-2009-0029/compat-zero-upper-32bits-of-offset_high-and-offset_low.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/CVE-2009-0029/0001-Move-compat-system-call-declarations.patch, bugfix/all/CVE-2009-0029/0002-Convert-all-system-calls-to-return-a.patch, bugfix/all/CVE-2009-0029/0003-Rename-old_readdir-to-sys_old_readdi.patch, bugfix/all/CVE-2009-0029/0004pre1-ia64-kill-sys32_pipe.patch, bugfix/all/CVE-2009-0029/0004-Remove-__attribute__-weak-from-sy.patch, bugfix/all/CVE-2009-0029/0005-Make-sys_pselect7-static.patch, bugfix/all/CVE-2009-0029/0006-Make-sys_syslog-a-conditional-system.patch, bugfix/all/CVE-2009-0029/0007-System-call-wrapper-infrastructure.patch, bugfix/all/CVE-2009-0029/0008-powerpc-Enable-syscall-wrappers-for.patch, bugfix/all/CVE-2009-0029/0009-s390-enable-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/0010-System-call-wrapper-special-cases.patch, bugfix/all/CVE-2009-0029/0011-System-call-wrappers-part-01.patch, bugfix/all/CVE-2009-0029/0012-System-call-wrappers-part-02.patch, bugfix/all/CVE-2009-0029/0013-System-call-wrappers-part-03.patch, bugfix/all/CVE-2009-0029/0014-System-call-wrappers-part-04.patch, bugfix/all/CVE-2009-0029/0015-System-call-wrappers-part-05.patch, bugfix/all/CVE-2009-0029/0016-System-call-wrappers-part-06.patch, bugfix/all/CVE-2009-0029/0017-System-call-wrappers-part-07.patch, bugfix/all/CVE-2009-0029/0018-System-call-wrappers-part-08.patch, bugfix/all/CVE-2009-0029/0019-System-call-wrappers-part-09.patch, bugfix/all/CVE-2009-0029/0020-System-call-wrappers-part-10.patch, bugfix/all/CVE-2009-0029/0021-System-call-wrappers-part-11.patch, bugfix/all/CVE-2009-0029/0022-System-call-wrappers-part-12.patch, bugfix/all/CVE-2009-0029/0023-System-call-wrappers-part-13.patch, bugfix/all/CVE-2009-0029/0024-System-call-wrappers-part-14.patch, bugfix/all/CVE-2009-0029/0025-System-call-wrappers-part-15.patch, bugfix/all/CVE-2009-0029/0026-System-call-wrappers-part-16.patch, bugfix/all/CVE-2009-0029/0027-System-call-wrappers-part-17.patch, bugfix/all/CVE-2009-0029/0028-System-call-wrappers-part-18.patch, bugfix/all/CVE-2009-0029/0029-System-call-wrappers-part-19.patch, bugfix/all/CVE-2009-0029/0030-System-call-wrappers-part-20.patch, bugfix/all/CVE-2009-0029/0031-System-call-wrappers-part-21.patch, bugfix/all/CVE-2009-0029/0032-System-call-wrappers-part-22.patch, bugfix/all/CVE-2009-0029/0033-System-call-wrappers-part-23.patch, bugfix/all/CVE-2009-0029/0034-System-call-wrappers-part-24.patch, bugfix/all/CVE-2009-0029/0035-System-call-wrappers-part-25.patch, bugfix/all/CVE-2009-0029/0036-System-call-wrappers-part-26.patch, bugfix/all/CVE-2009-0029/0037-System-call-wrappers-part-27.patch, bugfix/all/CVE-2009-0029/0038pre1-missing-include.patch, bugfix/all/CVE-2009-0029/0038-System-call-wrappers-part-28.patch, bugfix/all/CVE-2009-0029/0039-System-call-wrappers-part-29.patch, bugfix/all/CVE-2009-0029/0040-System-call-wrappers-part-30.patch, bugfix/all/CVE-2009-0029/0041-System-call-wrappers-part-31.patch, bugfix/all/CVE-2009-0029/0042-System-call-wrappers-part-32.patch, bugfix/all/CVE-2009-0029/0043-System-call-wrappers-part-33.patch, bugfix/all/CVE-2009-0029/0044-s390-specific-system-call-wrappers.patch, bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/sparc64-wrap-arch-specific-syscalls.patch, bugfix/all/CVE-2009-0029/alpha-use-syscall-wrappers.patch, bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch, bugfix/all/CVE-2009-0029/fix-uml-compile.patch bugfix/mips/fix-llseek-sign-extend-issue.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0031 (from rev 1529, active/CVE-2009-0031)
===================================================================
--- retired/CVE-2009-0031 (rev 0)
+++ retired/CVE-2009-0031 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-0031
+Description:
+References:
+ 0d54ee1c7850a954026deec4cd4885f331da35cc
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.29-rc3)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/security-keyctl-missing-kfree.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/security-keyctl-missing-kfree.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/security-keyctl-missing-kfree.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0065 (from rev 1529, active/CVE-2009-0065)
===================================================================
--- retired/CVE-2009-0065 (rev 0)
+++ retired/CVE-2009-0065 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-0065
+Description:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
+ http://patchwork.ozlabs.org/patch/15024/
+ https://bugzilla.redhat.com/show_bug.cgi?id=478800
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.29-rc1)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/sctp-avoid-memory-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/sctp-avoid-memory-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/sctp-avoid-memory-overflow.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0269 (from rev 1529, active/CVE-2009-0269)
===================================================================
--- retired/CVE-2009-0269 (rev 0)
+++ retired/CVE-2009-0269 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-0269
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4
+Ubuntu-Description:
+Notes:
+ encryptfs was merged in 2.6.19
+Bugs:
+upstream: released (2.6.29-rc1)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/ecryptfs-check-readlink-result-before-use.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/ecryptfs-check-readlink-result-before-use.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0322 (from rev 1529, active/CVE-2009-0322)
===================================================================
--- retired/CVE-2009-0322 (rev 0)
+++ retired/CVE-2009-0322 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-0322
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ 81156928f8fe31621e467490b9d441c0285998c3
+Bugs:
+upstream: released (2.6.27.13, 2.6.28.2, 2.6.29-rc3)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0675 (from rev 1529, active/CVE-2009-0675)
===================================================================
--- retired/CVE-2009-0675 (rev 0)
+++ retired/CVE-2009-0675 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-0675
+Description:
+ The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux
+ kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when
+ the CAP_NET_ADMIN capability is absent, instead of when this
+ capability is present, which allows local users to reset the
+ driver statistics, related to an "inverted logic" issue.
+References:
+ URL:http://lists.openwall.net/netdev/2009/01/28/90
+ MLIST:[oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw
+ URL:http://openwall.com/lists/oss-security/2009/02/20/2
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
+ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486534
+ SECUNIA:33938
+ URL:http://secunia.com/advisories/33938
+Ubuntu-Description:
+Notes:
+ jmm> Well, that's not exactly earth-shattering...
+Bugs:
+upstream: released (2.6.28.6, 2.6.29-rc4)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/skfp-fix-inverted-cap-logic.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0676 (from rev 1529, active/CVE-2009-0676)
===================================================================
--- retired/CVE-2009-0676 (rev 0)
+++ retired/CVE-2009-0676 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-0676
+Description:
+ The sock_getsockopt function in net/core/sock.c in the Linux kernel
+ before 2.6.28.6 does not initialize a certain structure member, which
+ allows local users to obtain potentially sensitive information from
+ kernel memory via an SO_BSDCOMPAT getsockopt request.
+References:
+ MLIST:[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
+ URL:http://lkml.org/lkml/2009/2/12/123
+ MLIST:[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt
+ URL:http://openwall.com/lists/oss-security/2009/02/20/1
+ CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da
+ CONFIRM:http://patchwork.kernel.org/patch/6816/
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6
+ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486305
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28.6, 2.6.29-rc5)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny1) [bugfix/all/net-SO_BSDCOMPAT-leak.patch, bugfix/all/net-SO_BSDCOMPAT-leak-2.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0745 (from rev 1529, active/CVE-2009-0745)
===================================================================
--- retired/CVE-2009-0745 (rev 0)
+++ retired/CVE-2009-0745 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,31 @@
+Candidate: CVE-2009-0745
+Description:
+ The ext4_group_add function in fs/ext4/resize.c in the Linux
+ kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does
+ not properly initialize the group descriptor during a resize
+ (aka resize2fs) operation, which might allow local users to
+ cause a denial of service (OOPS) by arranging for crafted
+ values to be present in available memory.
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12433
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+ dannf> Yeah, certainly unimportant, but I'll apply anyway since it
+ dannf> applies trivially
+Bugs:
+upstream: released (2.6.28.7, 2.6.29-rc4)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A "code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0746 (from rev 1529, active/CVE-2009-0746)
===================================================================
--- retired/CVE-2009-0746 (rev 0)
+++ retired/CVE-2009-0746 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-0746
+Description:
+ The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
+ a certain rec_len field, which allows local users to cause a denial
+ of service (OOPS) by attempting to mount a crafted ext4 filesystem.
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12430
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7, 2.6.29-rc4)
+linux-2.6: released (2.6.28-1) [bugfix/all/stable/2.6.28.7.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: ignored
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0747 (from rev 1529, active/CVE-2009-0747)
===================================================================
--- retired/CVE-2009-0747 (rev 0)
+++ retired/CVE-2009-0747 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-0747
+Description:
+ The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the
+ i_size_high structure member during operations on arbitrary
+ types of files, which allows local users to cause a denial of
+ service (CPU consumption and error-message flood) by
+ attempting to mount a crafted ext4 filesystem.
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=12375
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7, 2.6.29-rc4)
+linux-2.6: released (2.6.28-2) [bugfix/all/stable/2.6.28.7.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A "code not present"
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0748 (from rev 1529, active/CVE-2009-0748)
===================================================================
--- retired/CVE-2009-0748 (rev 0)
+++ retired/CVE-2009-0748 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,24 @@
+Candidate: CVE-2009-0748
+Description:
+ The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
+ 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
+ the superblock configuration, which allows local users to cause a
+ denial of service (NULL pointer dereference and OOPS) by attempting
+ to mount a crafted ext4 filesystem.
+References:
+Ubuntu-Description:
+Notes:
+ jmm> ext4 is marked as experimental and the vulnerability fairly
+ jmm> obscure, I don't think we should spend energy on this. Dann,
+ jmm> if you don't object I'll mark this as "unimportant" in the
+ jmm> security tracker
+Bugs:
+upstream: released (2.6.28.7, 2.6.29-rc1))
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port"
+2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0778 (from rev 1529, active/CVE-2009-0778)
===================================================================
--- retired/CVE-2009-0778 (rev 0)
+++ retired/CVE-2009-0778 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-0778
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ dannf> Was introduced after 2.6.24 and fixed before 2.6.25
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0787 (from rev 1529, active/CVE-2009-0787)
===================================================================
--- retired/CVE-2009-0787 (rev 0)
+++ retired/CVE-2009-0787 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,23 @@
+Candidate: CVE-2009-0787
+Description:
+ The ecryptfs_write_metadata_to_contents function in the eCryptfs
+ functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an
+ incorrect size when writing kernel memory to an eCryptfs file
+ header, which triggers an out-of-bounds read and allows local
+ local users to obtain portions of kernel memory.
+References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
+Ubuntu-Description:
+Notes:
+ dannf> Supposedly only affects 2.6.28
+Bugs:
+upstream: released (2.6.28.9, 2.6.29)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0835 (from rev 1529, active/CVE-2009-0835)
===================================================================
--- retired/CVE-2009-0835 (rev 0)
+++ retired/CVE-2009-0835 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,34 @@
+Candidate: CVE-2009-0835
+Description:
+ The __secure_computing function in kernel/seccomp.c in the seccomp subsystem
+ in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when
+ CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process
+ making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which
+ allows local users to bypass intended access restrictions via crafted syscalls
+ that are misinterpreted as (a) stat or (b) chmod, a related issue to
+ CVE-2009-0342 and CVE-2009-0343.
+References:
+ http://marc.info/?l=linux-kernel&m=123579056530191&w=2
+ http://marc.info/?l=linux-kernel&m=123579069630311&w=2
+ http://marc.info/?l=oss-security&m=123597627132485&w=2
+ http://lkml.org/lkml/2009/2/28/23
+ http://scary.beasts.org/security/CESA-2009-001.html
+ http://scary.beasts.org/security/CESA-2009-004.html
+ http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=487255
+Ubuntu-Description:
+Notes:
+ jmm> CONFIG_SECCOMP has only been enabled in 2.6.26. Since it's ultra-obscure
+ jmm> and mostly unused anyway, we can likely mark in N/A for 2.6.18 and 2.6.24
+ jmm> Dann, what do you think?
+ dannf> agreed
+Bugs:
+upstream: released (2.6.28.8, 2.6.29) [1ab4bad21786384ff68dc6576d021acd4e42d8ce, 5b1017404aea6d2e552e991b3fd814d839e9cd67]
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/seccomp-fix-32+64-syscall-hole.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0859 (from rev 1529, active/CVE-2009-0859)
===================================================================
--- retired/CVE-2009-0859 (rev 0)
+++ retired/CVE-2009-0859 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,31 @@
+Candidate: CVE-2009-0859
+Description:
+ The shm_get_stat function in ipc/shm.c in the shm subsystem
+ in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is
+ disabled, misinterprets the data type of an inode, which allows
+ local users to cause a denial of service (system hang) via
+ an SHM_INFO shmctl call, as demonstrated by running the ipcs
+ program.
+References:
+ http://marc.info/?l=git-commits-head&m=123387479500599&w=2
+ http://marc.info/?l=linux-kernel&m=120428209704324&w=2
+ http://marc.info/?l=linux-kernel&m=123309645625549&w=2
+ http://openwall.com/lists/oss-security/2009/03/06/1
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a68e61e8ff2d46327a37b69056998b47745db6fa
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
+ http://patchwork.kernel.org/patch/6554/
+Ubuntu-Description:
+Notes:
+ jmm> All Debian kernels set CONFIG_SHMEM, so this is moot except
+ jmm> for locally modified configs and even for that I fail to
+ jmm> see why anyone would run a kernel w/o CONFIG_SHMEM?
+Bugs:
+upstream: released (2.6.29-rc4)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-0935 (from rev 1529, active/CVE-2009-0935)
===================================================================
--- retired/CVE-2009-0935 (rev 0)
+++ retired/CVE-2009-0935 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,24 @@
+Candidate: CVE-2009-0935
+Description:
+ The inotify_read function in the Linux kernel 2.6 before 2.6.29-rc3
+ allows local users to cause a denial of service (OOPS) via a read
+ with an invalid address to an inotify instance, which causes the
+ device's event list mutex to be unlocked twice and prevents proper
+ synchronization of a data structure for the inotify instance.
+References:
+ http://marc.info/?l=linux-kernel&m=123337123501681&w=2
+ http://www.openwall.com/lists/oss-security/2009/03/06/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=488935
+Ubuntu-Description:
+Notes:
+ jmm> Issue was introduced in 2.6.27-rc9
+Bugs:
+upstream: released (2.6.30)
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1046 (from rev 1529, active/CVE-2009-1046)
===================================================================
--- retired/CVE-2009-1046 (rev 0)
+++ retired/CVE-2009-1046 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,28 @@
+Candidate: CVE-2009-1046
+Description:
+ The console selection feature in the Linux kernel 2.6.28 before
+ 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8
+ console is used, allows physically proximate attackers to cause
+ a denial of service (memory corruption) by selecting a small
+ number of 3-byte UTF-8 characters, which triggers an "an
+ off-by-two memory error." NOTE: it is not clear whether this issue
+ crosses privilege boundaries.
+References:
+ http://lists.openwall.net/linux-kernel/2009/01/30/333
+ http://lists.openwall.net/linux-kernel/2009/02/02/364
+ http://www.openwall.com/lists/oss-security/2009/02/12/10
+ http://www.openwall.com/lists/oss-security/2009/02/12/11
+ http://www.openwall.com/lists/oss-security/2009/02/12/9
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.28.4, 2.5.29-rc4)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A "Appears to have been introduced by 759448f in 2.6.23-rc1"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1184 (from rev 1529, active/CVE-2009-1184)
===================================================================
--- retired/CVE-2009-1184 (rev 0)
+++ retired/CVE-2009-1184 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-1184
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ dannf> Code was removed before 2.6.30, so no fix went into
+ dannf> Linus' tree. Issue was introduced upstream in
+ dannf> 2.6.25-rc1
+Bugs:
+upstream: N/A
+linux-2.6: released (2.6.29-5)
+2.6.18-etch-security: N/A "Code not present
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1192 (from rev 1529, active/CVE-2009-1192)
===================================================================
--- retired/CVE-2009-1192 (rev 0)
+++ retired/CVE-2009-1192 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,20 @@
+Candidate: CVE-2009-1192
+Description:
+ "AGP pages might be mapped into userspace finally, so the pages should
+ be set to zero before userspace can use it. Otherwise there is potential
+ information leakage."
+References:
+ http://git.kernel.org/linus/59de2bebabc5027f93df999d59cc65df591c3e6e
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1192
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30)
+linux-2.6: released (2.6.29-4) [bugfix/all/stable/2.6.29.2.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/agp-zero-pages-before-sending-to-userspace.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1242 (from rev 1529, active/CVE-2009-1242)
===================================================================
--- retired/CVE-2009-1242 (rev 0)
+++ retired/CVE-2009-1242 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,28 @@
+Candidate: CVE-2009-1242
+Description:
+ The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX
+ implementation in the KVM subsystem in the Linux kernel before
+ 2.6.29.1 on the i386 platform allows guest OS users to cause a
+ denial of service (OOPS) by setting the EFER_LME (aka "Long mode
+ enable") bit in the Extended Feature Enable Register (EFER)
+ model-specific register, which is specific to the x86_64 platform.
+References:
+ http://openwall.com/lists/oss-security/2009/04/01/3
+ http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EFER-8585
+ http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20090402,8311
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16175a796d061833aacfbd9672235f2d2725df65
+ http://patchwork.kernel.org/patch/15549/
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
+ http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.29-git1.log
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.29.1) [16175a796d061833aacfbd9672235f2d2725df65]
+linux-2.6: released (2.6.29-2)
+2.6.18-etch-security: N/A "no KVM"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/kvm-vmx-inhibit-EFER-access.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/x86/kvm-vmx-inhibit-EFER-access.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1243 (from rev 1529, active/CVE-2009-1243)
===================================================================
--- retired/CVE-2009-1243 (rev 0)
+++ retired/CVE-2009-1243 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,24 @@
+Candidate: CVE-2009-1243
+Description:
+ net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking
+ step in certain incorrect circumstances, which allows local users to cause
+ a denial of service (panic) by reading zero bytes from the /proc/net/udp
+ file and unspecified other files, related to the "udp seq_file infrastructure."
+References:
+ http://openwall.com/lists/oss-security/2009/04/01/4
+ http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-net-udp-8586
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30842f2989aacfaba3ccb39829b3417be9313dbe
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
+Ubuntu-Description:
+Notes:645ca708
+ jmm> Introduced in 645ca708, so only affects >= 2.6.28
+Bugs:
+upstream: released (2.6.29.1)
+linux-2.6: released (2.6.29-2)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1265 (from rev 1529, active/CVE-2009-1265)
===================================================================
--- retired/CVE-2009-1265 (rev 0)
+++ retired/CVE-2009-1265 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-1265
+Description: af_rose/x25: Sanity check the maximum user frame size
+References:
+ 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1) [83e0bbcbe2145f160fbaa109b0439dae7f4a38a9]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Copied: retired/CVE-2009-1337 (from rev 1529, active/CVE-2009-1337)
===================================================================
--- retired/CVE-2009-1337 (rev 0)
+++ retired/CVE-2009-1337 2009-10-20 21:46:22 UTC (rev 1530)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-1337
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=493771
+ http://git.kernel.org/linus/432870dab85a2f69dc417022646cb9a70acf7f94
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1)
+linux-2.6: released (2.6.29-5)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
+2.6.24-etch-security: released (2.6.26-6~etchnhalf.8etch1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
More information about the kernel-sec-discuss
mailing list