[kernel-sec-discuss] r1537 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Oct 21 17:15:59 UTC 2009


Author: jmm
Date: 2009-10-21 17:15:58 +0000 (Wed, 21 Oct 2009)
New Revision: 1537

Added:
   retired/CVE-2009-1360
   retired/CVE-2009-1385
   retired/CVE-2009-1388
   retired/CVE-2009-1389
   retired/CVE-2009-1439
   retired/CVE-2009-1527
   retired/CVE-2009-1630
   retired/CVE-2009-1633
   retired/CVE-2009-1895
   retired/CVE-2009-1897
   retired/CVE-2009-1914
   retired/CVE-2009-1961
   retired/CVE-2009-2406
   retired/CVE-2009-2407
   retired/CVE-2009-2692
   retired/CVE-2009-2698
   retired/CVE-2009-2767
   retired/CVE-2009-2768
   retired/CVE-2009-2844
Removed:
   active/CVE-2009-1360
   active/CVE-2009-1385
   active/CVE-2009-1388
   active/CVE-2009-1389
   active/CVE-2009-1439
   active/CVE-2009-1527
   active/CVE-2009-1630
   active/CVE-2009-1633
   active/CVE-2009-1895
   active/CVE-2009-1897
   active/CVE-2009-1914
   active/CVE-2009-1961
   active/CVE-2009-2406
   active/CVE-2009-2407
   active/CVE-2009-2692
   active/CVE-2009-2698
   active/CVE-2009-2767
   active/CVE-2009-2768
   active/CVE-2009-2844
Log:
retire more issues


Deleted: active/CVE-2009-1360
===================================================================
--- active/CVE-2009-1360	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1360	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-1360
-Description:
-  ipv6: null pointer dereference in __inet6_check_established()
-References:
-Ubuntu-Description:
-Notes:
- jmm> Introduced in 2.6.27
-Bugs:
-upstream: released (2.6.29-rc7) [0c9a3aa]
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A "Introduced in 2.6.27"
-2.6.24-etch-security: N/A "Introduced in 2.6.27"
-2.6.26-lenny-security: N/A "Introduced in 2.6.27"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1385
===================================================================
--- active/CVE-2009-1385	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1385	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-1385
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs: 532721
-upstream: released (2.6.30-rc8) [ea30e11970a96cfe5e32c03a29332554573b4a10]
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
-2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1388
===================================================================
--- active/CVE-2009-1388	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1388	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,31 +0,0 @@
-Candidate: CVE-2009-1388
-Description: 
- The OpenVZ Linux kernel team has found deadlock between ptrace and 
- coredump code. It affects 2.6.18 but does not affect the upstream kernel.
- .
- "ptrace_start() spins waiting for child->state == 
- TASK_TRACED/TASK_STOPPED. If we race with the coredumping, we have to 
- wait until it completes.
- .
- If the tracer participates in coredumping too, we deadlock. 
- do_coredump() waits for tracer to exit and report 
- complete(mm->core_startup_done), the tracer spins in an endless loop.
- .
- Change ptrace_start() to abort if child->mm->core_waiters != 0."
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
- https://bugzilla.redhat.com/attachment.cgi?id=346742
-Ubuntu-Description:
-Notes: 
- I can't find the ptrace_start() code in any of the debian kernels, so i 
- believe this to be a redhat-specific issue
-Bugs:
-upstream: N/A
-linux-2.6: N/A
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1389
===================================================================
--- active/CVE-2009-1389	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1389	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-1389
-Description:
-References:
-Ubuntu-Description:
-Notes:
- jmm> fdd7b4c3302c93f6833e338903ea77245eb510b4
-Bugs: 532376
-upstream: released (2.6.30)
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
-2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1439
===================================================================
--- active/CVE-2009-1439	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1439	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-1439
-Description:
-References:
- b363b3304bcf68c4541683b2eff70b29f0446a5b
- f083def68f84b04fe3f97312498911afce79609e
- 22c9d52bc03b880045ab1081890a38f11b272ae7
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30)
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1527
===================================================================
--- active/CVE-2009-1527	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1527	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-1527
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc4) [cad81bc]
-linux-2.6: released (2.6.29-5) [bugfix/all/stable/2.6.29.3.patch]
-2.6.18-etch-security: N/A "vulnerable code not present"
-2.6.24-etch-security: N/A "vulnerable code not present"
-2.6.26-lenny-security: N/A "vulnerable code not present"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1630
===================================================================
--- active/CVE-2009-1630	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1630	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,22 +0,0 @@
-Candidate: CVE-2009-1630
-Description:
-References:
- http://article.gmane.org/gmane.linux.nfs/26592
- http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
- http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
- http://www.openwall.com/lists/oss-security/2009/05/13/2
- http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
- https://bugzilla.redhat.com/show_bug.cgi?id=500297
- http://www.securityfocus.com/bid/34934
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
-2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1633
===================================================================
--- active/CVE-2009-1633	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1633	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-1633
-Description:
-References:
- http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
- http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc5) [27b87fe52baba0a55e9723030e76fce94fabcea4, 7b0c8fcff47a885743125dd843db64af41af5a61, 968460ebd8006d55661dec0fb86712b40d71c413]
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/cifs-fix-oops-when-windows-server-sent-bad-domain-name-null-terminator.patch, bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
-2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch, bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1895
===================================================================
--- active/CVE-2009-1895	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1895	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-1895
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc3) [f9fabcb58a6d26d6efde842d1703ac7cfa9427b6]
-linux-2.6: released (2.6.30-3) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
-2.6.18-etch-security: N/A "mmap_min_addr first published in 2.6.23"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
-2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1897
===================================================================
--- active/CVE-2009-1897	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1897	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,19 +0,0 @@
-Candidate: CVE-2009-1897
-Description:
- Null pointer dereference bypass in tun/tap
-References:
- http://seclists.org/fulldisclosure/2009/Jul/0241.html
- http://grsecurity.net/~spender/cheddar_bay.tgz
-Ubuntu-Description:
-Notes:
- According to description, vulnerability introduced in commit 33dccbb050bbe35b88ca8cf1228dcf3e4d4b3554, so only 2.6.30 affected.
-Bugs: 537409
-upstream: released (2.6.31-rc3) [3c8a9c63d5fd738c261bd0ceece04d9c8357ca13]
-linux-2.6: released (2.6.30-3) [bugfix/all/tun-tap-fix-crash-on-open-and-poll.patch]
-2.6.18-etch-security: N/A "introduced after 2.6.29"
-2.6.24-etch-security: N/A "introduced after 2.6.29"
-2.6.26-lenny-security: N/A "introduced after 2.6.29"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-1914
===================================================================
--- active/CVE-2009-1914	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1914	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,23 +0,0 @@
-Candidate: CVE-2009-1914
-Description:
- The pci_register_iommu_region function in
- arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on
- the sparc64 platform allows local users to cause a denial of service
- (system crash) by reading the /proc/iomem file, related to
- uninitialized pointers and the request_resource function.
-References:
- http://www.openwall.com/lists/oss-security/2009/06/03/3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29
-Ubuntu-Description:
-Notes:
-Bugs: #532722
-upstream: released (2.6.29)
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: N/A "code not present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch]
-2.6.26-lenny-security: released (2.6.26-16) [bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
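
Review bot: Bugs: #532722 uses a leading # while the other entries in this commit give the bare number (Bugs: 532721, Bugs: 532376, Bugs: 537409). If anything parses this field, normalise it to the bare number before the file lands in retired/.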

Deleted: active/CVE-2009-1961
===================================================================
--- active/CVE-2009-1961	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-1961	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,29 +0,0 @@
-Candidate: CVE-2009-1961
-Description:
- The inode double locking code in fs/ocfs2/file.c in the Linux kernel
- 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4,
- and possibly other versions down to 2.6.19 allows local users to cause a
- denial of service (prevention of file creation and removal) via a series
- of splice system calls that trigger a deadlock between the
- generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write
- functions.
-References:
- http://www.openwall.com/lists/oss-security/2009/05/29/2
- http://www.openwall.com/lists/oss-security/2009/05/30/1
- http://www.openwall.com/lists/oss-security/2009/06/02/2
- http://www.openwall.com/lists/oss-security/2009/06/03/1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30-rc1) [7bfac9ecf0585962fe13584f5cf526d8c8e76f17]
-linux-2.6: released (2.6.30-1)
-2.6.18-etch-security: N/A "affected code note present"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ocfs2-splice-deadlock.patch]
-2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/ocfs2-splice-deadlock.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
-
-
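
Review bot: the 2.6.18-etch-security reason reads "affected code note present", which should be "not present". It is worth fixing in this commit, since the file is being moved to retired/ as is. The two empty lines at the end of the file can be dropped at the same time.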

Deleted: active/CVE-2009-2406
===================================================================
--- active/CVE-2009-2406	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2406	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,19 +0,0 @@
-Candidate: CVE-2009-2406
-Description:
- Ramon de Carvalho Valle discovered that eCryptfs did not correctly
- validate certain buffer sizes.  A local attacker could create specially
- crafted eCryptfs files to crash the system or gain elevated privileges.
-References:
- http://www.ubuntu.com/usn/usn-807-1
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc5) [6352a29305373ae6196491e6d4669f301e26492e]
-linux-2.6: released (2.6.30-5) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
-2.6.18-etch-security: N/A "no ecryptfs"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
-2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-2407
===================================================================
--- active/CVE-2009-2407	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2407	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,19 +0,0 @@
-Candidate: CVE-2009-2407
-Description:
- Ramon de Carvalho Valle discovered that eCryptfs did not correctly
- validate certain buffer sizes.  A local attacker could create specially
- crafted eCryptfs files to crash the system or gain elevated privileges.
-References:
- http://www.ubuntu.com/usn/usn-807-1
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc5) [f151cd2c54ddc7714e2f740681350476cda03a28]
-linux-2.6: released (2.6.30-5) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
-2.6.18-etch-security: N/A "no ecryptfs"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
-2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
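
Review bot: the Description is word for word the same as the one in CVE-2009-2406, so the two records can only be told apart by their patch names. The branch lines show that this entry is the tag 3 packet encrypted key size check and 2406 is the tag 11 literal data buffer size check; one sentence saying so in each Description would make the retired records distinguishable.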

Deleted: active/CVE-2009-2692
===================================================================
--- active/CVE-2009-2692	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2692	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,15 +0,0 @@
-Candidate: CVE-2009-2692
-Description:
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.30.5, 2.6.31-rc6) [e694958]
-linux-2.6: released (2.6.30-6) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch3) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
-2.6.26-lenny-security: released (2.6.26-17lenny2) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-2698
===================================================================
--- active/CVE-2009-2698	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2698	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,17 +0,0 @@
-Candidate: CVE-2009-2698
-Description:
-References:
-Ubuntu-Description:
-Notes:
- Additional hardening against issues related to CVE-2009-2698 was commited upstream.
- See: http://www.openwall.com/lists/oss-security/2009/08/30/1
-Bugs:
-upstream: released (2.6.19)
-linux-2.6: released (2.6.19-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-24etch4) [bugfix/all/udp-fix-MSG_PROBE-crash.patch]
-2.6.24-etch-security: released (2.6.19-1)
-2.6.26-lenny-security: released (2.6.19-1)
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
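
Review bot: 2.6.24-etch-security and 2.6.26-lenny-security are both marked released (2.6.19-1), which is the linux-2.6 version and not a version of either branch. With upstream listed as fixed in 2.6.19, these two lines would read more naturally as N/A with a reason string, as other entries in this commit do. In Notes, "commited" should be "committed".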

Deleted: active/CVE-2009-2767
===================================================================
--- active/CVE-2009-2767	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2767	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,23 +0,0 @@
-Candidate: CVE-2009-2767
-Description:
- Calling do_nanosleep() with clockid CLOCK_MONOTONIC_RAW can cause a NULL
-pointer dereference. Appears to be introduced after commit 2d42244a
-(v2.6.28-rc1).
-References:
- http://git.kernel.org/linus/70d715fd0597f18528f389b5ac59102263067744
- http://lkml.org/lkml/2009/8/4/40
- http://lkml.org/lkml/2009/8/4/28
- http://lkml.org/lkml/2009/8/2/331
- https://bugzilla.redhat.com/show_bug.cgi?id=515867
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [70d715f]
-linux-2.6: released (2.6.30-6) [bugfix/all/posix-timers-fix-oops-in-clock-nanosleep-with-CLOCK_MONOTONIC_RAW.patch]
-2.6.18-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.24-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.26-lenny-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:
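
Review bot: the second and third Description lines ("pointer dereference. Appears to be introduced after commit 2d42244a" and "(v2.6.28-rc1).") start in column one, while every other multi-line field in this commit indents its continuation lines with a space. Left unindented they can be read as new fields, so indent them before the file is retired.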

Deleted: active/CVE-2009-2768
===================================================================
--- active/CVE-2009-2768	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2768	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,19 +0,0 @@
-Candidate: CVE-2009-2768
-Description:
- The new credentials code broke load_flat_shared_library() as it now uses an
- uninitialized cred pointer, leading to a NULL pointer dereference.
-References:
- http://lkml.org/lkml/2009/6/22/91
- http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [3440625d78711bee41a84cf29c3d8c579b522666]
-linux-2.6: released (2.6.30-6) [bugfix/all/flat-fix-uninitialized-ptr-with-shared-libs.patch]
-2.6.18-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.24-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.26-lenny-security: N/A "kernel/cred.c introduced in 2.6.29"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Deleted: active/CVE-2009-2844
===================================================================
--- active/CVE-2009-2844	2009-10-21 13:41:58 UTC (rev 1536)
+++ active/CVE-2009-2844	2009-10-21 17:15:58 UTC (rev 1537)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-2844
-Description:
- cfg80211: missing NULL pointer checks
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6)
-linux-2.6: released (2.6.30-7)
-2.6.18-etch-security: N/A "Affects >= 2.6.30-rc1"
-2.6.24-etch-security: N/A "Affects >= 2.6.30-rc1"
-2.6.26-lenny-security: N/A "Affects >= 2.6.30-rc1"
-2.6.15-dapper-security:
-2.6.22-gutsy-security:
-2.6.24-hardy-security:
-2.6.27-intrepid-security:

Copied: retired/CVE-2009-1360 (from rev 1534, active/CVE-2009-1360)
===================================================================
--- retired/CVE-2009-1360	                        (rev 0)
+++ retired/CVE-2009-1360	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-1360
+Description:
+  ipv6: null pointer dereference in __inet6_check_established()
+References:
+Ubuntu-Description:
+Notes:
+ jmm> Introduced in 2.6.27
+Bugs:
+upstream: released (2.6.29-rc7) [0c9a3aa]
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A "Introduced in 2.6.27"
+2.6.24-etch-security: N/A "Introduced in 2.6.27"
+2.6.26-lenny-security: N/A "Introduced in 2.6.27"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-1385 (from rev 1534, active/CVE-2009-1385)
===================================================================
--- retired/CVE-2009-1385	                        (rev 0)
+++ retired/CVE-2009-1385	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-1385
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs: 532721
+upstream: released (2.6.30-rc8) [ea30e11970a96cfe5e32c03a29332554573b4a10]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
+2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/e1000-add-missing-length-check-to-e1000-receive-routine.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
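
Review bot: Description and References are both empty in the retired copy, so the only hint about what this CVE covers is the patch file name on the branch lines (e1000-add-missing-length-check-to-e1000-receive-routine.patch). A one-line Description taken from that would make the record usable on its own once it is in retired/.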

Copied: retired/CVE-2009-1388 (from rev 1534, active/CVE-2009-1388)
===================================================================
--- retired/CVE-2009-1388	                        (rev 0)
+++ retired/CVE-2009-1388	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,31 @@
+Candidate: CVE-2009-1388
+Description: 
+ The OpenVZ Linux kernel team has found deadlock between ptrace and 
+ coredump code. It affects 2.6.18 but does not affect the upstream kernel.
+ .
+ "ptrace_start() spins waiting for child->state == 
+ TASK_TRACED/TASK_STOPPED. If we race with the coredumping, we have to 
+ wait until it completes.
+ .
+ If the tracer participates in coredumping too, we deadlock. 
+ do_coredump() waits for tracer to exit and report 
+ complete(mm->core_startup_done), the tracer spins in an endless loop.
+ .
+ Change ptrace_start() to abort if child->mm->core_waiters != 0."
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1388
+ https://bugzilla.redhat.com/attachment.cgi?id=346742
+Ubuntu-Description:
+Notes: 
+ I can't find the ptrace_start() code in any of the debian kernels, so i 
+ believe this to be a redhat-specific issue
+Bugs:
+upstream: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
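
Review bot: the Description says the deadlock "affects 2.6.18", yet 2.6.18-etch-security is marked N/A with no reason string, and the explanation sits only in an unsigned Notes entry. Other entries in this commit put the reason on the status line (for example N/A "vulnerable code not present") and prefix notes with jmm>; doing the same here would make the N/A verdict traceable.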

Copied: retired/CVE-2009-1389 (from rev 1534, active/CVE-2009-1389)
===================================================================
--- retired/CVE-2009-1389	                        (rev 0)
+++ retired/CVE-2009-1389	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-1389
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ jmm> fdd7b4c3302c93f6833e338903ea77245eb510b4
+Bugs: 532376
+upstream: released (2.6.30)
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
+2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/r8169-fix-crash-when-large-packets-are-received.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
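
Review bot: the commit id fdd7b4c3302c93f6833e338903ea77245eb510b4 is recorded under Notes while the upstream line has no bracketed commit, unlike most entries in this commit, which carry it as upstream: released (...) [hash]. Moving the hash to the upstream line and adding a short Description (the patch name points at an r8169 crash on large packets) would keep the retired record consistent with the others.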

Copied: retired/CVE-2009-1439 (from rev 1534, active/CVE-2009-1439)
===================================================================
--- retired/CVE-2009-1439	                        (rev 0)
+++ retired/CVE-2009-1439	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-1439
+Description:
+References:
+ b363b3304bcf68c4541683b2eff70b29f0446a5b
+ f083def68f84b04fe3f97312498911afce79609e
+ 22c9d52bc03b880045ab1081890a38f11b272ae7
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30)
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch, bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch, bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
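
Review bot: the three References entries are bare commit hashes with no repository or URL, and the upstream line carries no bracketed commit ids. CVE-2009-1633 in this same commit lists its three commits in brackets on the upstream line and gives git.kernel.org URLs under References; the same layout here would say which tree these hashes belong to. Description is empty as well.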

Copied: retired/CVE-2009-1527 (from rev 1534, active/CVE-2009-1527)
===================================================================
--- retired/CVE-2009-1527	                        (rev 0)
+++ retired/CVE-2009-1527	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-1527
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc4) [cad81bc]
+linux-2.6: released (2.6.29-5) [bugfix/all/stable/2.6.29.3.patch]
+2.6.18-etch-security: N/A "vulnerable code not present"
+2.6.24-etch-security: N/A "vulnerable code not present"
+2.6.26-lenny-security: N/A "vulnerable code not present"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-1630 (from rev 1534, active/CVE-2009-1630)
===================================================================
--- retired/CVE-2009-1630	                        (rev 0)
+++ retired/CVE-2009-1630	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,22 @@
+Candidate: CVE-2009-1630
+Description:
+References:
+ http://article.gmane.org/gmane.linux.nfs/26592
+ http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
+ http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
+ http://www.openwall.com/lists/oss-security/2009/05/13/2
+ http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
+ https://bugzilla.redhat.com/show_bug.cgi?id=500297
+ http://www.securityfocus.com/bid/34934
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc7) [7ee2cb7f32b299c2b06a31fde155457203e4b7dd]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
+2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/nfs-v4-client-fix-MAY_EXEC-handling.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-1633 (from rev 1534, active/CVE-2009-1633)
===================================================================
--- retired/CVE-2009-1633	                        (rev 0)
+++ retired/CVE-2009-1633	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-1633
+Description:
+References:
+ http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
+ http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
+ http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc5) [27b87fe52baba0a55e9723030e76fce94fabcea4, 7b0c8fcff47a885743125dd843db64af41af5a61, 968460ebd8006d55661dec0fb86712b40d71c413]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/cifs-fix-oops-when-windows-server-sent-bad-domain-name-null-terminator.patch, bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch] "bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch not applied - affected code not present"
+2.6.26-lenny-security: released (2.6.26-15lenny3) [bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch, bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch, bugfix/all/cifs-rename-cifs_strncpy_to_host-and-fix-buffer-size.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-1895 (from rev 1534, active/CVE-2009-1895)
===================================================================
--- retired/CVE-2009-1895	                        (rev 0)
+++ retired/CVE-2009-1895	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-1895
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc3) [f9fabcb58a6d26d6efde842d1703ac7cfa9427b6]
+linux-2.6: released (2.6.30-3) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
+2.6.18-etch-security: N/A "mmap_min_addr first published in 2.6.23"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
+2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/personality-fix-PER_CLEAR_ON_SETID.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
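
Review bot: Description and References are both empty, so the N/A reason on the 2.6.18-etch-security line ("mmap_min_addr first published in 2.6.23") cannot be evaluated from the entry itself; the only hint at the issue is the patch name personality-fix-PER_CLEAR_ON_SETID.patch. Before retiring, add a short description that states how the personality flag handling relates to mmap_min_addr, plus a link for the upstream commit f9fabcb58a6d26d6efde842d1703ac7cfa9427b6.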

Copied: retired/CVE-2009-1897 (from rev 1534, active/CVE-2009-1897)
===================================================================
--- retired/CVE-2009-1897	                        (rev 0)
+++ retired/CVE-2009-1897	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-1897
+Description:
+ Null pointer dereference bypass in tun/tap
+References:
+ http://seclists.org/fulldisclosure/2009/Jul/0241.html
+ http://grsecurity.net/~spender/cheddar_bay.tgz
+Ubuntu-Description:
+Notes:
+ According to description, vulnerability introduced in commit 33dccbb050bbe35b88ca8cf1228dcf3e4d4b3554, so only 2.6.30 affected.
+Bugs: 537409
+upstream: released (2.6.31-rc3) [3c8a9c63d5fd738c261bd0ceece04d9c8357ca13]
+linux-2.6: released (2.6.30-3) [bugfix/all/tun-tap-fix-crash-on-open-and-poll.patch]
+2.6.18-etch-security: N/A "introduced after 2.6.29"
+2.6.24-etch-security: N/A "introduced after 2.6.29"
+2.6.26-lenny-security: N/A "introduced after 2.6.29"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
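
Review bot: The Bugs field is written as a bare number ("Bugs: 537409") while the CVE-2009-1914 entry in the same commit uses "Bugs: #532722"; pick one form so the field can be parsed consistently. The Notes line also says "According to description" without saying which description is meant, since the Description field here is only one line; citing the Full-Disclosure post from References directly would remove the ambiguity.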

Copied: retired/CVE-2009-1914 (from rev 1534, active/CVE-2009-1914)
===================================================================
--- retired/CVE-2009-1914	                        (rev 0)
+++ retired/CVE-2009-1914	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,23 @@
+Candidate: CVE-2009-1914
+Description:
+ The pci_register_iommu_region function in
+ arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on
+ the sparc64 platform allows local users to cause a denial of service
+ (system crash) by reading the /proc/iomem file, related to
+ uninitialized pointers and the request_resource function.
+References:
+ http://www.openwall.com/lists/oss-security/2009/06/03/3
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29
+Ubuntu-Description:
+Notes:
+Bugs: #532722
+upstream: released (2.6.29)
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: N/A "code not present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch]
+2.6.26-lenny-security: released (2.6.26-16) [bugfix/sparc/sparc64-Fix-crash-with-proc-iomem.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
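
Review bot: The upstream line reads "released (2.6.29)" with no commit id, although the References section already links the commit (h=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c). Other entries in this commit carry the id in brackets on the upstream line; adding it here keeps the entry usable for backport checks without parsing the URL.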

Copied: retired/CVE-2009-1961 (from rev 1534, active/CVE-2009-1961)
===================================================================
--- retired/CVE-2009-1961	                        (rev 0)
+++ retired/CVE-2009-1961	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,29 @@
+Candidate: CVE-2009-1961
+Description:
+ The inode double locking code in fs/ocfs2/file.c in the Linux kernel
+ 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4,
+ and possibly other versions down to 2.6.19 allows local users to cause a
+ denial of service (prevention of file creation and removal) via a series
+ of splice system calls that trigger a deadlock between the
+ generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write
+ functions.
+References:
+ http://www.openwall.com/lists/oss-security/2009/05/29/2
+ http://www.openwall.com/lists/oss-security/2009/05/30/1
+ http://www.openwall.com/lists/oss-security/2009/06/02/2
+ http://www.openwall.com/lists/oss-security/2009/06/03/1
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1) [7bfac9ecf0585962fe13584f5cf526d8c8e76f17]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: N/A "affected code note present"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ocfs2-splice-deadlock.patch]
+2.6.26-lenny-security: released (2.6.26-16) [bugfix/all/ocfs2-splice-deadlock.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
+
+
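
Review bot: The Description says the issue affects "2.6.30 before 2.6.30-rc3", but the upstream line records the fix as "released (2.6.30-rc1)"; one of the two is wrong and should be reconciled against commit 7bfac9ecf0585962fe13584f5cf526d8c8e76f17 before the entry is retired. Two smaller points: the 2.6.18-etch-security reason reads "affected code note present", which should be "not present", and the file ends with two empty lines that the other entries do not have.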

Copied: retired/CVE-2009-2406 (from rev 1534, active/CVE-2009-2406)
===================================================================
--- retired/CVE-2009-2406	                        (rev 0)
+++ retired/CVE-2009-2406	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-2406
+Description:
+ Ramon de Carvalho Valle discovered that eCryptfs did not correctly
+ validate certain buffer sizes.  A local attacker could create specially
+ crafted eCryptfs files to crash the system or gain elevated privileges.
+References:
+ http://www.ubuntu.com/usn/usn-807-1
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc5) [6352a29305373ae6196491e6d4669f301e26492e]
+linux-2.6: released (2.6.30-5) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
+2.6.18-etch-security: N/A "no ecryptfs"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
+2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/ecryptfs-check-tag-11-literal-data-buffer-size.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-2407 (from rev 1534, active/CVE-2009-2407)
===================================================================
--- retired/CVE-2009-2407	                        (rev 0)
+++ retired/CVE-2009-2407	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-2407
+Description:
+ Ramon de Carvalho Valle discovered that eCryptfs did not correctly
+ validate certain buffer sizes.  A local attacker could create specially
+ crafted eCryptfs files to crash the system or gain elevated privileges.
+References:
+ http://www.ubuntu.com/usn/usn-807-1
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc5) [f151cd2c54ddc7714e2f740681350476cda03a28]
+linux-2.6: released (2.6.30-5) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
+2.6.18-etch-security: N/A "no ecryptfs"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch2) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
+2.6.26-lenny-security: released (2.6.26-17lenny1) [bugfix/all/ecryptfs-parse_tag_3_packet-check-tag-3-package-encrypted-key-size.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
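
Review bot: The Description is word for word the same as in CVE-2009-2406, so the two entries can only be told apart by the patch names (tag 11 literal data buffer size there, tag 3 packet encrypted key size here). Stating in each Description which packet type and which size check is involved would keep the entries distinguishable once the patch file names are no longer at hand.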

Copied: retired/CVE-2009-2692 (from rev 1534, active/CVE-2009-2692)
===================================================================
--- retired/CVE-2009-2692	                        (rev 0)
+++ retired/CVE-2009-2692	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-2692
+Description:
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30.5, 2.6.31-rc6) [e694958]
+linux-2.6: released (2.6.30-6) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch3) [bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch3) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
+2.6.26-lenny-security: released (2.6.26-17lenny2) [bugfix/all/make-sock_sendpage-use-kernel_sendpage.patch]
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
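
Review bot: The 2.6.18-etch-security line applies net-fix-possible-NULL-dereference-in-sock_sendpage.patch while every other branch applies make-sock_sendpage-use-kernel_sendpage.patch, and Notes is empty, so there is no record of why etch got a different fix or whether the two are equivalent. Description and References are empty as well, and the upstream id is abbreviated ([e694958]) where most entries in this commit use the full hash; filling these in would make the retired entry self-explanatory.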

Copied: retired/CVE-2009-2698 (from rev 1534, active/CVE-2009-2698)
===================================================================
--- retired/CVE-2009-2698	                        (rev 0)
+++ retired/CVE-2009-2698	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,17 @@
+Candidate: CVE-2009-2698
+Description:
+References:
+Ubuntu-Description:
+Notes:
+ Additional hardening against issues related to CVE-2009-2698 was commited upstream.
+ See: http://www.openwall.com/lists/oss-security/2009/08/30/1
+Bugs:
+upstream: released (2.6.19)
+linux-2.6: released (2.6.19-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-24etch4) [bugfix/all/udp-fix-MSG_PROBE-crash.patch]
+2.6.24-etch-security: released (2.6.19-1)
+2.6.26-lenny-security: released (2.6.19-1)
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
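
Review bot: The 2.6.24-etch-security and 2.6.26-lenny-security lines are marked "released (2.6.19-1)", which is a linux-2.6 package version and not a version of either security branch. Since upstream is recorded as fixed in 2.6.19, these branches never contained the bug and would be clearer as N/A with a reason such as "fixed upstream in 2.6.19". The Notes line also mentions additional upstream hardening without saying whether it was backported, and "commited" should be "committed".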

Copied: retired/CVE-2009-2767 (from rev 1534, active/CVE-2009-2767)
===================================================================
--- retired/CVE-2009-2767	                        (rev 0)
+++ retired/CVE-2009-2767	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,23 @@
+Candidate: CVE-2009-2767
+Description:
+ Calling do_nanosleep() with clockid CLOCK_MONOTONIC_RAW can cause a NULL
+pointer dereference. Appears to be introduced after commit 2d42244a
+(v2.6.28-rc1).
+References:
+ http://git.kernel.org/linus/70d715fd0597f18528f389b5ac59102263067744
+ http://lkml.org/lkml/2009/8/4/40
+ http://lkml.org/lkml/2009/8/4/28
+ http://lkml.org/lkml/2009/8/2/331
+ https://bugzilla.redhat.com/show_bug.cgi?id=515867
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [70d715f]
+linux-2.6: released (2.6.30-6) [bugfix/all/posix-timers-fix-oops-in-clock-nanosleep-with-CLOCK_MONOTONIC_RAW.patch]
+2.6.18-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.24-etch-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.26-lenny-security: N/A "Appears to be introduced after commit 2d42244a (v2.6.28-rc1)"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
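
Review bot: The second and third lines of the Description ("pointer dereference. Appears to be introduced after commit 2d42244a" and "(v2.6.28-rc1).") start in column one, while continuation lines in the other entries are indented by one space. A parser that treats unindented lines as new fields will truncate the Description after the first line, so indent both continuation lines.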

Copied: retired/CVE-2009-2768 (from rev 1534, active/CVE-2009-2768)
===================================================================
--- retired/CVE-2009-2768	                        (rev 0)
+++ retired/CVE-2009-2768	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-2768
+Description:
+ The new credentials code broke load_flat_shared_library() as it now uses an
+ uninitialized cred pointer, leading to a NULL pointer dereference.
+References:
+ http://lkml.org/lkml/2009/6/22/91
+ http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [3440625d78711bee41a84cf29c3d8c579b522666]
+linux-2.6: released (2.6.30-6) [bugfix/all/flat-fix-uninitialized-ptr-with-shared-libs.patch]
+2.6.18-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.24-etch-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.26-lenny-security: N/A "kernel/cred.c introduced in 2.6.29"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:

Copied: retired/CVE-2009-2844 (from rev 1534, active/CVE-2009-2844)
===================================================================
--- retired/CVE-2009-2844	                        (rev 0)
+++ retired/CVE-2009-2844	2009-10-21 17:15:58 UTC (rev 1537)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-2844
+Description:
+ cfg80211: missing NULL pointer checks
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6)
+linux-2.6: released (2.6.30-7)
+2.6.18-etch-security: N/A "Affects >= 2.6.30-rc1"
+2.6.24-etch-security: N/A "Affects >= 2.6.30-rc1"
+2.6.26-lenny-security: N/A "Affects >= 2.6.30-rc1"
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
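
Review bot: The entry has no References, no upstream commit id on the "released (2.6.31-rc6)" line and no patch name on the linux-2.6 line, so the claim "Affects >= 2.6.30-rc1" used for all three N/A markings cannot be checked from the entry. Add the upstream commit id and, if a patch was carried in 2.6.30-7, its file name.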



