[kernel-sec-discuss] r1713 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Feb 5 04:10:53 UTC 2010
Author: gilbert-guest
Date: 2010-02-05 04:10:52 +0000 (Fri, 05 Feb 2010)
New Revision: 1713
Added:
active/CVE-2010-0297
active/CVE-2010-ecryptfs-use-after-free
active/CVE-2010-futex-dos
active/CVE-2010-futex-null-ptr-dereference
active/CVE-2010-futex-refcount-leak
active/CVE-2010-kvm-null-ptr-dereference
active/CVE-2010-tty-race
Modified:
active/CVE-2009-4536
active/CVE-2009-4538
active/CVE-2010-0291
Log:
various new issues and info
Modified: active/CVE-2009-4536
===================================================================
--- active/CVE-2009-4536 2010-02-05 04:10:46 UTC (rev 1712)
+++ active/CVE-2009-4536 2010-02-05 04:10:52 UTC (rev 1713)
@@ -7,10 +7,10 @@
jmm> Commit 40a14deaf411592b57cb0720f0e8004293ab9865
jmm> Submitted for 2.6.32 stable
Bugs:
-upstream:
+upstream: released (2.6.33-rc6) [40a14dea]
2.6.32-upstream-stable:
-linux-2.6:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
2.6.18-etch-security:
2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
2.6.26-lenny-security: pending (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
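Review bot: 2.6.32-upstream-stable stays empty in the Bugs block even though the note above it says "Submitted for 2.6.32 stable" and this revision marks upstream as released in 2.6.33-rc6. Record the stable state explicitly (pending, or the 2.6.32.y release that carries 40a14dea) so the entry does not read as untriaged; the blank 2.6.18-etch-security line needs the same treatment.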
Modified: active/CVE-2009-4538
===================================================================
--- active/CVE-2009-4538 2010-02-05 04:10:46 UTC (rev 1712)
+++ active/CVE-2009-4538 2010-02-05 04:10:52 UTC (rev 1713)
@@ -7,10 +7,10 @@
jmm> commit b94b50289622e816adc9f94111cfc2679c80177c
jmm> Submitted for 2.6.32 stable
Bugs:
-upstream:
+upstream: released (2.6.33-rc6) [b94b5028]
2.6.32-upstream-stable:
-linux-2.6:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
2.6.18-etch-security:
2.6.24-etch-security: pending (2.6.24-6~etchnhalf.9etch2) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
2.6.26-lenny-security: pending (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
-2.6.32-squeeze-security:
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
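Review bot: The patch name on the new linux-2.6 and 2.6.32-squeeze-security lines, e1000e-enhance-fragment-detection.patch, differs from the name on the unchanged etch and lenny lines, e1000e-enhance-frame-fragment-detection.patch. Check both against the files in the packaging tree and make the four references consistent, or add a Notes line saying the name differs between branches on purpose.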
Modified: active/CVE-2010-0291
===================================================================
--- active/CVE-2010-0291 2010-02-05 04:10:46 UTC (rev 1712)
+++ active/CVE-2010-0291 2010-02-05 04:10:52 UTC (rev 1713)
@@ -7,10 +7,10 @@
https://bugzilla.redhat.com/show_bug.cgi?id=556703
Notes:
Bugs:
-upstream: released (2.6.32.4)
+upstream: released (2.6.33-rc1) [54f5de70, ecc1a899, 1a0ef85f, f106af4e, 097eed10, 93587414, 0ec62d29, c4caa778, 2ea1d13f, 570dcf2c, 564b3bff, 0067bd8a, f8b72560, 8c7b49b3, 9206de95, 2c6a1016, 05d72faa, bb52d669, e77414e0, aa656073]
2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: pending (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
2.6.18-etch-security:
2.6.24-etch-security:
2.6.26-lenny-security: pending (2.6.26-21lenny1) [bugfix/all/untangle-the-do_mremap-mess.patch]
-2.6.32-squeeze-security: pending (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
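Review bot: The new upstream line lists twenty abbreviated commit ids with no indication of how they relate to the issue, while Notes is empty and the lenny line points to a single patch (untangle-the-do_mremap-mess.patch). Add a Notes entry saying the fix is a series and naming its range or key commit, and fill in or mark N/A the empty 2.6.18-etch-security and 2.6.24-etch-security lines.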
Added: active/CVE-2010-0297
===================================================================
--- active/CVE-2010-0297 (rev 0)
+++ active/CVE-2010-0297 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-0297
+Description:
+ kvm usb-linux.c buffer overflow
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0297
+Notes:
+Bugs:
+upstream:
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.32-squeeze-security:
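Review bot: All seven status lines under Bugs are empty and Notes says nothing, so the entry gives no indication of whether any Debian kernel branch is affected. The Description names kvm usb-linux.c; state in Notes which source package ships that file, and if it is not part of the kernel tree mark the branches N/A with a quoted reason, as the kvm-null-ptr-dereference entry does for etch.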
Added: active/CVE-2010-ecryptfs-use-after-free
===================================================================
--- active/CVE-2010-ecryptfs-use-after-free (rev 0)
+++ active/CVE-2010-ecryptfs-use-after-free 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,13 @@
+Candidate: needs to be requested
+Description:
+ ecryptfs use after free
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc5) [ece550f5]
+2.6.32-upstream-stable: released (2.6.32.6) [36212162]
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.6]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.6]
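Review bot: References is empty, so the only pointers to the fix are the abbreviated ids ece550f5 and 36212162; add the upstream commit URL as the futex-null-ptr-dereference and tty-race entries do. The patch path bugfix/all/stable/2.6.32.6 also lacks the .patch suffix used in CVE-2010-0291 (bugfix/all/stable/2.6.32.4.patch).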
Added: active/CVE-2010-futex-dos
===================================================================
--- active/CVE-2010-futex-dos (rev 0)
+++ active/CVE-2010-futex-dos 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,13 @@
+Candidate: needs to be requested
+Description:
+ denial-of-service in kernel/futex.c
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc5) [7485d0d3]
+2.6.32-upstream-stable: released (2.6.32.5) [d4c893f2]
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.5]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.5]
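Review bot: The Description, "denial-of-service in kernel/futex.c", does not say what the defect is, and this revision adds two other futex entries, so the three are hard to tell apart when a CVE id is requested. Put the subject of 7485d0d3 or the trigger condition in the Description and add the commit link under References.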
Added: active/CVE-2010-futex-null-ptr-dereference
===================================================================
--- active/CVE-2010-futex-null-ptr-dereference (rev 0)
+++ active/CVE-2010-futex-null-ptr-dereference 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,14 @@
+Candidate: needs to be requested
+Description:
+ futex null ptr dereference
+References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=51246bfd189064079c54421507236fd2723b18f3
+Notes:
+Bugs:
+upstream: pending [51246bfd1]
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.32-squeeze-security:
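Review bot: upstream is "pending [51246bfd1]" with a nine-character id and no target release, while the released entries in this revision use eight characters and name the version. Trim the id to the length used elsewhere, and say in Notes whether the commit is queued for 2.6.32 stable, since 2.6.32-upstream-stable, linux-2.6 and 2.6.32-squeeze-security are all blank.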
Added: active/CVE-2010-futex-refcount-leak
===================================================================
--- active/CVE-2010-futex-refcount-leak (rev 0)
+++ active/CVE-2010-futex-refcount-leak 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,13 @@
+Candidate: needs to be requested
+Description:
+ futex refcount leak
+References:
+Notes:
+Bugs:
+upstream: pending [5ecb01c]
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.18-etch-security: N/A "introduced in 2.6.28 commit 38d47c1b"
+2.6.24-etch-security: N/A "introduced in 2.6.28 commit 38d47c1b"
+2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 38d47c1b"
+2.6.32-squeeze-security:
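Review bot: References is empty and upstream cites only the seven-character id 5ecb01c, the shortest abbreviation in this revision; add the full commit URL under References as done for futex-null-ptr-dereference. The N/A reasons on the etch and lenny lines are useful, but 2.6.32-squeeze-security comes after the stated 2.6.28 introduction point, so it needs a status rather than a blank.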
Added: active/CVE-2010-kvm-null-ptr-dereference
===================================================================
--- active/CVE-2010-kvm-null-ptr-dereference (rev 0)
+++ active/CVE-2010-kvm-null-ptr-dereference 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,14 @@
+Candidate: needs to be requested
+Description:
+ kvm null ptr dereference
+References:
+ http://patchwork.kernel.org/patch/61310/
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [e50212bb]
+2.6.32-upstream-stable:
+linux-2.6:
+2.6.18-etch-security: N/A "kvm introduced in 2.6.25"
+2.6.24-etch-security: N/A "kvm introduced in 2.6.25"
+2.6.26-lenny-security:
+2.6.32-squeeze-security:
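Review bot: 2.6.26-lenny-security is left blank although the N/A reason on the etch lines, "kvm introduced in 2.6.25", implies that 2.6.26 contains kvm. Record whether the lenny kernel has the affected code, and give 2.6.32-upstream-stable, linux-2.6 and 2.6.32-squeeze-security a status as well, since e50212bb is listed as released only in 2.6.33-rc1.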
Added: active/CVE-2010-tty-race
===================================================================
--- active/CVE-2010-tty-race (rev 0)
+++ active/CVE-2010-tty-race 2010-02-05 04:10:52 UTC (rev 1713)
@@ -0,0 +1,14 @@
+Candidate: needs to be requested
+Description:
+ race in tty_fasync
+References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=703625118069f9f8960d356676662d3db5a9d116
+Notes:
+Bugs:
+upstream: released (2.6.33-rc5) [70362511]
+2.6.32-upstream-stable: released (2.6.32.7) [0a1c275a]
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.7]
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.7]
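Review bot: The three older branches (2.6.18-etch-security, 2.6.24-etch-security, 2.6.26-lenny-security) are blank with no N/A reason, so it is unclear whether the tty_fasync race predates 2.6.32. Note the introducing commit or version in Notes as the futex-refcount-leak entry does, and add the .patch suffix to bugfix/all/stable/2.6.32.7 if that is the file name in the tree.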