[kernel-sec-discuss] r1532 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Oct 20 21:54:36 UTC 2009 

Author: jmm
Date: 2009-10-20 21:54:36 +0000 (Tue, 20 Oct 2009)
New Revision: 1532

Added:
   active/CVE-2005-4881
   active/CVE-2009-3228
Removed:
   active/CVE-2009-tc-leak
Log:
temp issue has received CVE assignments


Added: active/CVE-2005-4881
===================================================================
--- active/CVE-2005-4881	                        (rev 0)
+++ active/CVE-2005-4881	2009-10-20 21:54:36 UTC (rev 1532)
@@ -0,0 +1,10 @@
+Candidate: CVE-2005-4881
+Description:
+References:
+Notes:
+Bugs:
+upstream: released (2.6.13-rc1)
+linux-2.6: released (2.6.13-1)
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A

Added: active/CVE-2009-3228
===================================================================
--- active/CVE-2009-3228	                        (rev 0)
+++ active/CVE-2009-3228	2009-10-20 21:54:36 UTC (rev 1532)
@@ -0,0 +1,27 @@
+Candidate: CVE-2009-3228
+Description:
+ The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the 
+ Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize
+ certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow
+ local users to obtain sensitive information from kernel memory via unspecified
+ vectors.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/03/1
+ http://www.openwall.com/lists/oss-security/2009/09/05/2
+ http://www.openwall.com/lists/oss-security/2009/09/06/2
+ http://www.openwall.com/lists/oss-security/2009/09/07/2
+ http://www.openwall.com/lists/oss-security/2009/09/17/1
+ http://www.openwall.com/lists/oss-security/2009/09/17/9
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4f
+ http://patchwork.ozlabs.org/patch/32830/
+ http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
+ http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9
+ https://bugzilla.redhat.com/show_bug.cgi?id=520990
+Notes:
+Bugs:
+upstream: released (2.6.31)
+linux-2.6: pending (2.6.31-1)
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:

Deleted: active/CVE-2009-tc-leak
===================================================================
--- active/CVE-2009-tc-leak	2009-10-20 21:47:12 UTC (rev 1531)
+++ active/CVE-2009-tc-leak	2009-10-20 21:54:36 UTC (rev 1532)
@@ -1,16 +0,0 @@
-Candidate:
-Description:
-References:
- http://www.openwall.com/lists/oss-security/2009/09/03/1
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
-2.6.24-etch-security:
-2.6.26-lenny-security:
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

More information about the kernel-sec-discuss mailing list