[kernel-sec-discuss] r1759 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Mar 4 23:30:10 UTC 2010


Author: jmm
Date: 2010-03-04 23:30:06 +0000 (Thu, 04 Mar 2010)
New Revision: 1759

Added:
   retired/CVE-2009-2691
   retired/CVE-2009-2695
   retired/CVE-2009-3080
   retired/CVE-2009-3613
   retired/CVE-2009-3726
   retired/CVE-2009-3889
   retired/CVE-2009-4005
   retired/CVE-2009-4020
   retired/CVE-2009-4021
   retired/CVE-2009-4138
   retired/CVE-2009-4141
   retired/CVE-2009-4308
   retired/CVE-2009-4536
   retired/CVE-2009-4538
   retired/CVE-2010-0003
   retired/CVE-2010-0006
   retired/CVE-2010-0007
Removed:
   active/CVE-2009-2691
   active/CVE-2009-2695
   active/CVE-2009-3080
   active/CVE-2009-3613
   active/CVE-2009-3726
   active/CVE-2009-3889
   active/CVE-2009-4005
   active/CVE-2009-4020
   active/CVE-2009-4021
   active/CVE-2009-4138
   active/CVE-2009-4141
   active/CVE-2009-4308
   active/CVE-2009-4536
   active/CVE-2009-4538
   active/CVE-2010-0003
   active/CVE-2010-0006
   active/CVE-2010-0007
Log:
retire issues


Deleted: active/CVE-2009-2691
===================================================================
--- active/CVE-2009-2691	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-2691	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-2691
-Description:
- The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier
- allows local users to read (1) maps and (2) smaps files under proc/ via vectors
- related to ELF loading, a setuid process, and a race condition.
-References:
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc6) [13f0fea, 00f89d2, 704b836], released (2.6.30.5) [95d7e670e3158b6a52a8279290a0d6f7047250b4, 17dc3e97d6d51df33cb6e35fabb62b91ef14cf2c, c6d59cb0341e2c3aed3eb65cbf166a686c3443aa]
-linux-2.6: released (2.6.30-7)
-2.6.18-etch-security: ignored (end of life)
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]

Deleted: active/CVE-2009-2695
===================================================================
--- active/CVE-2009-2695	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-2695	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,21 +0,0 @@
-Candidate: CVE-2009-2695
-Description:
- The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that 
- target page zero and other low memory addresses, which allows local users to gain 
- privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) 
- the default configuration of the allow_unconfined_mmap_low boolean in SELinux on 
- Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes 
- allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a 
- requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) 
- interaction between the mmap_min_addr protection mechanism and certain application 
- programs.
-References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
-Ubuntu-Description:
-Notes:
-Bugs:
-upstream: released (2.6.31-rc7)
-linux-2.6: released (2.6.31-1)
-2.6.18-etch-security: N/A "no mmap_min_addr"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
-2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]

Deleted: active/CVE-2009-3080
===================================================================
--- active/CVE-2009-3080	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-3080	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,13 +0,0 @@
-Candidate: CVE-2009-3080
-Description:
- index error in gdth_read_event
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
-Notes:
-Bugs:
-upstream: released (2.6.32-rc8) [690e7448]
-2.6.31-upstream-stable: released (2.6.31.7) [17438898]
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]

Deleted: active/CVE-2009-3613
===================================================================
--- active/CVE-2009-3613	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-3613	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-3613
-Description:
-References:
- http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
- http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd
- http://bugzilla.kernel.org/show_bug.cgi?id=9468
- https://bugzilla.redhat.com/show_bug.cgi?id=529137
-Notes:
-Bugs:
-upstream: released (2.6.29) [a866bbf, 97d477a]
-linux-2.6: released (2.6.29-1)
-2.6.18-etch-security: ignored (EOL)
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch, bugfix/all/r8169-use-hardware-auto-padding.patch]
-2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/r8169-use-hardware-auto-padding.patch]

Deleted: active/CVE-2009-3726
===================================================================
--- active/CVE-2009-3726	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-3726	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,13 +0,0 @@
-Candidate: CVE-2009-3726
-Description:
- null ptr dereference in nfs4_proc_lock
-References:
- http://www.openwall.com/lists/oss-security/2009/11/05/1
- http://xorl.wordpress.com/2009/11/07/cve-2009-3726-linux-kernel-nfsv4-null-pointer-dereference/
-Notes:
-Bugs:
-upstream: released (2.6.31) [d953126a28f97ec965d23c69fd5795854c048f30]
-linux-2.6: released (2.6.31-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/nfsv4-buggy-server-oops.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/nfsv4-buggy-server-oops.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/nfsv4-buggy-server-oops.patch]

Deleted: active/CVE-2009-3889
===================================================================
--- active/CVE-2009-3889	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-3889	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,18 +0,0 @@
-Candidate: CVE-2009-3889
-Description:
- The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 
- 2.6.27 has world-writable permissions, which allows local users to change 
- the (1) behavior and (2) logging level of the driver by modifying this file.
-References:
- http://www.openwall.com/lists/oss-security/2009/11/13/1
- https://bugzilla.redhat.com/show_bug.cgi?id=526068
-Notes:
- poll_mode_io aspect of this issue got its own id, CVE-2009-3939
-Bugs:
-upstream: released (2.6.27) [66dca9b8]
-linux-2.6: released (2.6.27-1)
-2.6.18-etch-security: N/A (Vulnerable code not present)
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
-
-

Deleted: active/CVE-2009-4005
===================================================================
--- active/CVE-2009-4005	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4005	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-4005
-Description:
- buffer overflow in hfc_usb
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
-Notes:
-Bugs:
-upstream: released (2.6.32-rc7) [286e633e]
-2.6.31-upstream-stable: N/A
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
-2.6.32-squeeze-security: released (2.6.32-1) 

Deleted: active/CVE-2009-4020
===================================================================
--- active/CVE-2009-4020	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4020	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-4020
-Description:
- hfs buffer overflow
-References:
- http://www.openwall.com/lists/oss-security/2009/12/04/1
-Notes:
-Bugs:
-upstream: released (2.6.33-rc1) [ec81aecb]
-2.6.32-upstream-stable: released (2.6.32.2) [037b7867]
-linux-2.6: released (2.6.32-3)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
-2.6.32-squeeze-security: released (2.6.32-3)

Deleted: active/CVE-2009-4021
===================================================================
--- active/CVE-2009-4021	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4021	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-4021
-Description:
- fuse null ptr dereference
-References:
- http://www.openwall.com/lists/oss-security/2009/11/19/1
-Notes:
- introduced in 2.6.14
-Bugs:
-upstream: released (2.6.32-rc7) [f60311d5]
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
-2.6.32-squeeze-security: released (2.6.32-1)

Deleted: active/CVE-2009-4138
===================================================================
--- active/CVE-2009-4138	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4138	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2009-4138
-Description:
- firewire: ohci: handle receive packets with a data length of zero
-References:
- http://www.openwall.com/lists/oss-security/2009/12/15/1
-Notes:
-Bugs:
-upstream: released (2.6.33-rc1) [8c0c0cc2]
-2.6.32-upstream-stable: released (2.6.32.2) [e39b7b49]
-linux-2.6: released (2.6.32-3)
-2.6.18-etch-security: N/A "ohci introduced in 2.6.22"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
-2.6.32-squeeze-security: released (2.6.32-3)

Deleted: active/CVE-2009-4141
===================================================================
--- active/CVE-2009-4141	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4141	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,19 +0,0 @@
-Candidate: CVE-2009-4141
-Description:
- fasync issue
-References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
-Notes:
- Believed to have been introduced in 233e70f in 2.6.28-rc3.
- Might make sense to backport to stable as a precaution.
-Bugs:
-jmm> Commit 53281b6d
-upstream: released (2.6.32.4)
-2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
-2.6.18-etch-security: N/A
-2.6.24-etch-security: N/A
-2.6.26-lenny-security: N/A
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
-

Deleted: active/CVE-2009-4308
===================================================================
--- active/CVE-2009-4308	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4308	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,13 +0,0 @@
-Candidate: CVE-2009-4308
-Description:
-References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
-Notes:
-Bugs:
-upstream: released (2.6.32) [78f1ddbb]
-2.6.31-upstream-stable: released (2.6.31.8) [4ef61f0a]
-linux-2.6: released (2.6.32-1)
-2.6.18-etch-security: N/A "ext4 introduced in 2.6.19"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
-2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
-2.6.32-squeeze-security: released (2.6.32-1)

Deleted: active/CVE-2009-4536
===================================================================
--- active/CVE-2009-4536	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4536	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,16 +0,0 @@
-Candidate: CVE-2009-4536
-Description:
- regression in e1000 driver
-References:
- http://www.openwall.com/lists/oss-security/2009/12/31/1
-Notes:
- jmm> Commit 40a14deaf411592b57cb0720f0e8004293ab9865
- jmm> Submitted for 2.6.32 stable
-Bugs:
-upstream: released (2.6.33-rc6) [40a14dea]
-2.6.32-upstream-stable:
-linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]

Deleted: active/CVE-2009-4538
===================================================================
--- active/CVE-2009-4538	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2009-4538	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,16 +0,0 @@
-Candidate:CVE-2009-4538
-Description:
- regression in e1000e driver
-References:
- http://www.openwall.com/lists/oss-security/2009/12/31/1
-Notes:
- jmm> commit b94b50289622e816adc9f94111cfc2679c80177c
- jmm> Submitted for 2.6.32 stable
-Bugs:
-upstream: released (2.6.33-rc6) [b94b5028]
-2.6.32-upstream-stable:
-linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
-2.6.18-etch-security: N/A "no e1000e"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]

Deleted: active/CVE-2010-0003
===================================================================
--- active/CVE-2010-0003	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2010-0003	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,14 +0,0 @@
-Candidate: CVE-2010-0003
-Description:
- kernel info leak if print-fatal-signals=1
-References:
- http://www.openwall.com/lists/oss-security/2010/01/12/1
-Notes:
-Bugs:
-upstream: released (2.6.33-rc4) [b45c6e76bc]
-2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
-2.6.18-etch-security: N/A "print-fatal-signals didn't exist yet"
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]

Deleted: active/CVE-2010-0006
===================================================================
--- active/CVE-2010-0006	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2010-0006	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,17 +0,0 @@
-Candidate: CVE-2010-0006
-Description:
- ipv6: skb_dst() null ptr dereference 
-References:
- http://www.openwall.com/lists/oss-security/2010/01/14/2
-Notes:
- oss-sec posting says that this codebase is not turned
- on in most cases in oss-sec posting, so likely not a
- very high urgency issue
-Bugs:
-upstream: released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)
-2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: released (2.6.32-6)
-2.6.18-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
-2.6.24-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
-2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 483a47d2"
-2.6.32-squeeze-security: released (2.6.32-6)
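Review bot: the Notes: text being removed here reads "oss-sec posting says that this codebase is not turned on in most cases in oss-sec posting", repeating "in oss-sec posting" twice, and the upstream: line wraps its commit id in parentheses, "released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)", where every other upstream: line in this commit uses square brackets. Since this hunk only deletes the active copy, apply both fixes in retired/CVE-2010-0006 (listed under Added: above) so the retired record does not carry the duplicated phrase and parses like the rest.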

Deleted: active/CVE-2010-0007
===================================================================
--- active/CVE-2010-0007	2010-03-04 23:25:24 UTC (rev 1758)
+++ active/CVE-2010-0007	2010-03-04 23:30:06 UTC (rev 1759)
@@ -1,13 +0,0 @@
-Candidate: CVE-2010-0007
-Description:
- normal users can modify etables rules
-References:
-Notes:
-Bugs:
-upstream: released (2.6.33-rc4) [dce766a]
-2.6.32-upstream-stable: released (2.6.32.4)
-linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
-2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
-2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
-2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
-2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
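Review bot: the Description: line " normal users can modify etables rules" misspells the subsystem; the patch shipped for etch and lenny is named "netfilter-ebtables-enforce-CAP_NET_ADMIN.patch", so it should read "ebtables" (and ideally say that the rules could be changed without CAP_NET_ADMIN, which is the actual defect). References: is also empty, so the retired record has no pointer to the upstream commit "dce766a" beyond the bare id. Fix both in the retired copy under Added: rather than in this deletion hunk.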

Copied: retired/CVE-2009-2691 (from rev 1758, active/CVE-2009-2691)
===================================================================
--- retired/CVE-2009-2691	                        (rev 0)
+++ retired/CVE-2009-2691	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-2691
+Description:
+ The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier
+ allows local users to read (1) maps and (2) smaps files under proc/ via vectors
+ related to ELF loading, a setuid process, and a race condition.
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [13f0fea, 00f89d2, 704b836], released (2.6.30.5) [95d7e670e3158b6a52a8279290a0d6f7047250b4, 17dc3e97d6d51df33cb6e35fabb62b91ef14cf2c, c6d59cb0341e2c3aed3eb65cbf166a686c3443aa]
+linux-2.6: released (2.6.30-7)
+2.6.18-etch-security: ignored (end of life)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
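Review bot: the References: field on the sixth line of the hunk is empty although the upstream: line cites three mainline and three 2.6.30.5 commit ids; before this entry is retired, add at least the MITRE entry URL in the same form the other files in this commit use, so the retired record is self-describing. The empty Ubuntu-Description: field appears only in this file and the next one and could be dropped for consistency.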

Copied: retired/CVE-2009-2695 (from rev 1756, active/CVE-2009-2695)
===================================================================
--- retired/CVE-2009-2695	                        (rev 0)
+++ retired/CVE-2009-2695	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,21 @@
+Candidate: CVE-2009-2695
+Description:
+ The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that 
+ target page zero and other low memory addresses, which allows local users to gain 
+ privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) 
+ the default configuration of the allow_unconfined_mmap_low boolean in SELinux on 
+ Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes 
+ allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a 
+ requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) 
+ interaction between the mmap_min_addr protection mechanism and certain application 
+ programs.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc7)
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "no mmap_min_addr"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
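Review bot: "upstream: released (2.6.31-rc7)" carries no commit id in brackets, unlike every other upstream: line in this commit; the five patch names on the 2.6.24-etch-security and 2.6.26-lenny-security lines show the fix is a series of separate upstream changes, so record their ids here so the retired entry can be traced back. Also note that "security-seperate-lsm-specific-mmap_min_addr.patch" misspells "separate"; it must match the filename actually shipped in those branches, so leave it, but a Notes: remark would stop someone from "correcting" it later and breaking the cross-reference.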

Copied: retired/CVE-2009-3080 (from rev 1757, active/CVE-2009-3080)
===================================================================
--- retired/CVE-2009-3080	                        (rev 0)
+++ retired/CVE-2009-3080	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3080
+Description:
+ index error in gdth_read_event
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
+Notes:
+Bugs:
+upstream: released (2.6.32-rc8) [690e7448]
+2.6.31-upstream-stable: released (2.6.31.7) [17438898]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
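Review bot: the Description: line " index error in gdth_read_event" says nothing about the consequence or how the error is reached; the patch name "gdth-prevent-negative-offsets-in-ioctl.patch" indicates an unchecked negative offset passed through the driver's ioctl into gdth_read_event, so state that before retiring. The reference URL also uses "www.cve.mitre.org" where the other files use "cve.mitre.org"; harmless, but worth normalising while the file is touched.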

Copied: retired/CVE-2009-3613 (from rev 1754, active/CVE-2009-3613)
===================================================================
--- retired/CVE-2009-3613	                        (rev 0)
+++ retired/CVE-2009-3613	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-3613
+Description:
+References:
+ http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
+ http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd
+ http://bugzilla.kernel.org/show_bug.cgi?id=9468
+ https://bugzilla.redhat.com/show_bug.cgi?id=529137
+Notes:
+Bugs:
+upstream: released (2.6.29) [a866bbf, 97d477a]
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: ignored (EOL)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch, bugfix/all/r8169-use-hardware-auto-padding.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/r8169-use-hardware-auto-padding.patch]
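Review bot: Description: is empty; the two kernel.org commit URLs and the patch names ("r8169-use-hardware-auto-padding.patch", "r8169-balance-pci_map-pci_unmap-pair.patch") identify this as the r8169 issue, so give the retired entry at least a one-line description like the other files. In addition, 2.6.24-etch-security ships two patches while 2.6.26-lenny-security ships only the auto-padding one; a short Notes: line on why the pci_map/pci_unmap balance patch was not needed on 2.6.26 would save the next reader from re-deriving it.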

Copied: retired/CVE-2009-3726 (from rev 1757, active/CVE-2009-3726)
===================================================================
--- retired/CVE-2009-3726	                        (rev 0)
+++ retired/CVE-2009-3726	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3726
+Description:
+ null ptr dereference in nfs4_proc_lock
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/05/1
+ http://xorl.wordpress.com/2009/11/07/cve-2009-3726-linux-kernel-nfsv4-null-pointer-dereference/
+Notes:
+Bugs:
+upstream: released (2.6.31) [d953126a28f97ec965d23c69fd5795854c048f30]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/nfsv4-buggy-server-oops.patch]

Copied: retired/CVE-2009-3889 (from rev 1756, active/CVE-2009-3889)
===================================================================
--- retired/CVE-2009-3889	                        (rev 0)
+++ retired/CVE-2009-3889	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3889
+Description:
+ The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 
+ 2.6.27 has world-writable permissions, which allows local users to change 
+ the (1) behavior and (2) logging level of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=526068
+Notes:
+ poll_mode_io aspect of this issue got its own id, CVE-2009-3939
+Bugs:
+upstream: released (2.6.27) [66dca9b8]
+linux-2.6: released (2.6.27-1)
+2.6.18-etch-security: N/A (Vulnerable code not present)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+
+
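Review bot: the last two lines of the hunk add two empty lines at the end of the file; none of the other retired files in this commit end with blank lines (CVE-2009-4141 has a single one), so drop them for consistency. Content-wise the entry is fine: the Notes: line cross-referencing CVE-2009-3939 for the poll_mode_io aspect is exactly the kind of pointer the emptier entries in this commit are missing.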

Copied: retired/CVE-2009-4005 (from rev 1757, active/CVE-2009-4005)
===================================================================
--- retired/CVE-2009-4005	                        (rev 0)
+++ retired/CVE-2009-4005	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4005
+Description:
+ buffer overflow in hfc_usb
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
+Notes:
+Bugs:
+upstream: released (2.6.32-rc7) [286e633e]
+2.6.31-upstream-stable: N/A
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-1) 
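Review bot: "2.6.31-upstream-stable: N/A" gives no reason, whereas the other N/A entries in this commit quote one (for example "N/A "no e1000e""); the fix only landed in 2.6.32-rc7 and both the 2.6.24 and 2.6.26 branches needed the patch, so 2.6.31.y looks affected, and the entry should either say why stable did not take the fix or record that it is outstanding rather than N/A. The final line "2.6.32-squeeze-security: released (2.6.32-1) " also carries trailing whitespace.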

Copied: retired/CVE-2009-4020 (from rev 1757, active/CVE-2009-4020)
===================================================================
--- retired/CVE-2009-4020	                        (rev 0)
+++ retired/CVE-2009-4020	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4020
+Description:
+ hfs buffer overflow
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/04/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [ec81aecb]
+2.6.32-upstream-stable: released (2.6.32.2) [037b7867]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-3)

Copied: retired/CVE-2009-4021 (from rev 1757, active/CVE-2009-4021)
===================================================================
--- retired/CVE-2009-4021	                        (rev 0)
+++ retired/CVE-2009-4021	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4021
+Description:
+ fuse null ptr dereference
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/19/1
+Notes:
+ introduced in 2.6.14
+Bugs:
+upstream: released (2.6.32-rc7) [f60311d5]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.32-squeeze-security: released (2.6.32-1)

Copied: retired/CVE-2009-4138 (from rev 1756, active/CVE-2009-4138)
===================================================================
--- retired/CVE-2009-4138	                        (rev 0)
+++ retired/CVE-2009-4138	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4138
+Description:
+ firewire: ohci: handle receive packets with a data length of zero
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/15/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [8c0c0cc2]
+2.6.32-upstream-stable: released (2.6.32.2) [e39b7b49]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: N/A "ohci introduced in 2.6.22"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.32-squeeze-security: released (2.6.32-3)

Copied: retired/CVE-2009-4141 (from rev 1754, active/CVE-2009-4141)
===================================================================
--- retired/CVE-2009-4141	                        (rev 0)
+++ retired/CVE-2009-4141	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-4141
+Description:
+ fasync issue
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
+Notes:
+ Believed to have been introduced in 233e70f in 2.6.28-rc3.
+ Might make sense to backport to stable as a precaution.
+Bugs:
+jmm> Commit 53281b6d
+upstream: released (2.6.32.4)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+
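Review bot: "jmm> Commit 53281b6d" sits under Bugs: rather than Notes:, where CVE-2009-4536 and CVE-2009-4538 in this same commit keep their jmm> remarks; anything parsing Bugs: will see a stray non-bug line, so move it up. The three "N/A" lines for 2.6.18, 2.6.24 and 2.6.26 give no reason although Notes: already states the issue was introduced in 233e70f in 2.6.28-rc3; put that inline as CVE-2010-0006 does ("N/A "introduced in 2.6.28 ..."") so the per-branch status is self-explanatory. The trailing empty line at the end of the hunk should also go.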

Copied: retired/CVE-2009-4308 (from rev 1756, active/CVE-2009-4308)
===================================================================
--- retired/CVE-2009-4308	                        (rev 0)
+++ retired/CVE-2009-4308	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-4308
+Description:
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
+Notes:
+Bugs:
+upstream: released (2.6.32) [78f1ddbb]
+2.6.31-upstream-stable: released (2.6.31.8) [4ef61f0a]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A "ext4 introduced in 2.6.19"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
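Review bot: Description: is empty here as well; the patch name "ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch" already says what the bug is (an ext4 NULL pointer dereference when mounting read-only without a journal), so copy that into the description before the file is retired, and consider quoting the upstream commit URL alongside the bare ids "78f1ddbb" and "4ef61f0a" as the other entries do.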

Copied: retired/CVE-2009-4536 (from rev 1757, active/CVE-2009-4536)
===================================================================
--- retired/CVE-2009-4536	                        (rev 0)
+++ retired/CVE-2009-4536	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-4536
+Description:
+ regression in e1000 driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> Commit 40a14deaf411592b57cb0720f0e8004293ab9865
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [40a14dea]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
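Review bot: "2.6.32-upstream-stable:" is left with no status while Notes: says "Submitted for 2.6.32 stable", so this file is being retired with an unresolved branch entry; record the outcome (the 2.6.32.y release that picked up 40a14dea, or that stable did not take it) before moving it to retired/. The same blank field appears in CVE-2009-4538 below.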

Copied: retired/CVE-2009-4538 (from rev 1756, active/CVE-2009-4538)
===================================================================
--- retired/CVE-2009-4538	                        (rev 0)
+++ retired/CVE-2009-4538	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,16 @@
+Candidate:CVE-2009-4538
+Description:
+ regression in e1000e driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> commit b94b50289622e816adc9f94111cfc2679c80177c
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [b94b5028]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
+2.6.18-etch-security: N/A "no e1000e"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
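Review bot: `+Candidate:CVE-2009-4538` lacks the space after the colon that every other entry uses (`Candidate: CVE-...`), which can trip scripts that parse these files; suggest `Candidate: CVE-2009-4538`. In the same hunk the backport patch name differs between lines, `e1000e-enhance-fragment-detection.patch` on the linux-2.6 and squeeze lines versus `e1000e-enhance-frame-fragment-detection.patch` on the etch and lenny lines, so one of them is likely wrong, and `2.6.32-upstream-stable:` is left empty although the Notes say the fix was submitted for 2.6.32 stable.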

Copied: retired/CVE-2010-0003 (from rev 1756, active/CVE-2010-0003)
===================================================================
--- retired/CVE-2010-0003	                        (rev 0)
+++ retired/CVE-2010-0003	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-0003
+Description:
+ kernel info leak if print-fatal-signals=1
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/12/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [b45c6e76bc]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: N/A "print-fatal-signals didn't exist yet"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
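Review bot: the Description `kernel info leak if print-fatal-signals=1` does not name the subsystem that leaks; the backport patch filename `signal-fix-information-leak-with-print-fatal-signals.patch` on the 2.6.24 and 2.6.26 lines shows it is the signal code, so prefixing the description the way the other entries do (e.g. `signal: kernel info leak if print-fatal-signals=1`) would make it easier to find.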

Copied: retired/CVE-2010-0006 (from rev 1754, active/CVE-2010-0006)
===================================================================
--- retired/CVE-2010-0006	                        (rev 0)
+++ retired/CVE-2010-0006	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,17 @@
+Candidate: CVE-2010-0006
+Description:
+ ipv6: skb_dst() null ptr dereference 
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/14/2
+Notes:
+ oss-sec posting says that this codebase is not turned
+ on in most cases in oss-sec posting, so likely not a
+ very high urgency issue
+Bugs:
+upstream: released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6)
+2.6.18-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.24-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.32-squeeze-security: released (2.6.32-6)
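Review bot: the `+upstream:` line wraps its commit hash in parentheses, `released (2.6.33) (2570a4f5...)`, while every other entry in this commit uses square brackets for commit ids; suggest `released (2.6.33) [2570a4f5]` so the field parses like the rest. Two smaller points in the same hunk: the Notes sentence says "oss-sec posting" twice, and the `+Description:` line carries trailing whitespace after `dereference`.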

Copied: retired/CVE-2010-0007 (from rev 1757, active/CVE-2010-0007)
===================================================================
--- retired/CVE-2010-0007	                        (rev 0)
+++ retired/CVE-2010-0007	2010-03-04 23:30:06 UTC (rev 1759)
@@ -0,0 +1,13 @@
+Candidate: CVE-2010-0007
+Description:
+ normal users can modify etables rules
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [dce766a]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
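Review bot: `+References:` is left empty for this entry while the other files in this commit link at least the oss-security or MITRE page, so the retired record has nothing to point a reader at; and the Description says `etables`, whereas the backport patch filename `netfilter-ebtables-enforce-CAP_NET_ADMIN.patch` shows the subsystem is ebtables, so `normal users can modify ebtables rules` is the intended wording.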



