[kernel-sec-discuss] r2085 - active retired

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Dec 12 23:54:50 UTC 2010 

Author: gilbert-guest
Date: 2010-12-12 23:54:50 +0000 (Sun, 12 Dec 2010)
New Revision: 2085

Added:
   active/CVE-2010-4256
   retired/CVE-2010-3859
   retired/CVE-2010-4157
Removed:
   active/CVE-2010-3859
   active/CVE-2010-4157
Log:
retire a couple issues and a new one

Deleted: active/CVE-2010-3859
===================================================================
--- active/CVE-2010-3859	2010-12-12 11:56:40 UTC (rev 2084)
+++ active/CVE-2010-3859	2010-12-12 23:54:50 UTC (rev 2085)
@@ -1,13 +0,0 @@
-Candidate: CVE-2010-3859
-Description:
-References:
-Notes:
- jmm> http://marc.info/?l=linux-netdev&m=128770476511716&w=2
- jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
- bwh> http://article.gmane.org/gmane.linux.kernel/1056407
-Bugs:
-upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
-2.6.32-upstream-stable:
-linux-2.6: released (2.6.32-27)
-2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-truncate-recvfrom-and-sendto-length-to-INT_MAX.patch, bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch]
-2.6.32-squeeze-security: released (2.6.32-27)

Deleted: active/CVE-2010-4157
===================================================================
--- active/CVE-2010-4157	2010-12-12 11:56:40 UTC (rev 2084)
+++ active/CVE-2010-4157	2010-12-12 23:54:50 UTC (rev 2085)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4157
-Description: gdth: integer overflow in ioc_general()
-References:
-Notes:
- dannf> Not a security issue (discussed on oss-security, iirc)
- jmm> It was clarified later on oss-sec, that this is in fact exploitable
-Bugs:
-upstream: released (2.6.37-rc1) [f63ae56e4e97fb12053590e41a4fa59e7daa74a4]
-2.6.32-upstream-stable: released (2.6.32.26)
-linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/gdth-integer-overflow-in-ioctl.patch]
-2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]

Added: active/CVE-2010-4256
===================================================================
--- active/CVE-2010-4256	                        (rev 0)
+++ active/CVE-2010-4256	2010-12-12 23:54:50 UTC (rev 2085)
@@ -0,0 +1,12 @@
+Candidate: cve-2010-4256
+Description:
+ pipe_fcntl local DoS
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4256
+Notes:
+Bugs:
+upstream:
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.26-lenny-security:
+2.6.32-squeeze-security:

Copied: retired/CVE-2010-3859 (from rev 2084, active/CVE-2010-3859)
===================================================================
--- retired/CVE-2010-3859	                        (rev 0)
+++ retired/CVE-2010-3859	2010-12-12 23:54:50 UTC (rev 2085)
@@ -0,0 +1,13 @@
+Candidate: CVE-2010-3859
+Description:
+References:
+Notes:
+ jmm> http://marc.info/?l=linux-netdev&m=128770476511716&w=2
+ jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
+ bwh> http://article.gmane.org/gmane.linux.kernel/1056407
+Bugs:
+upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
+2.6.32-upstream-stable: released (2.6.32.27) [3543e68e, f342cb14f]
+linux-2.6: released (2.6.32-27)
+2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-truncate-recvfrom-and-sendto-length-to-INT_MAX.patch, bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch]
+2.6.32-squeeze-security: released (2.6.32-27)

Copied: retired/CVE-2010-4157 (from rev 2084, active/CVE-2010-4157)
===================================================================
--- retired/CVE-2010-4157	                        (rev 0)
+++ retired/CVE-2010-4157	2010-12-12 23:54:50 UTC (rev 2085)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4157
+Description: gdth: integer overflow in ioc_general()
+References:
+Notes:
+ dannf> Not a security issue (discussed on oss-security, iirc)
+ jmm> It was clarified later on oss-sec, that this is in fact exploitable
+Bugs:
+upstream: released (2.6.37-rc1) [f63ae56e4e97fb12053590e41a4fa59e7daa74a4]
+2.6.32-upstream-stable: released (2.6.32.26)
+linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/gdth-integer-overflow-in-ioctl.patch]
+2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]

More information about the kernel-sec-discuss mailing list