[kernel-sec-discuss] r1830 - active retired

Michael Gilbert gilbert-guest at alioth.debian.org
Thu May 13 02:29:31 UTC 2010


Author: gilbert-guest
Date: 2010-05-13 02:29:31 +0000 (Thu, 13 May 2010)
New Revision: 1830

Added:
   active/CVE-2010-LIST_POISON-dereference
   active/CVE-2010-inode-dereference
   active/CVE-2010-memcontrol-null-ptr-dereference
   retired/CVE-2010-1146
Removed:
   active/CVE-2010-1146
Log:
retire issue and new ones fixed in 2.6.32.13

Deleted: active/CVE-2010-1146
===================================================================
--- active/CVE-2010-1146	2010-05-13 01:52:13 UTC (rev 1829)
+++ active/CVE-2010-1146	2010-05-13 02:29:31 UTC (rev 1830)
@@ -1,14 +0,0 @@
-Candidate: CVE-2010-1146
-Description:
- reiserfs privilege escalation
-References:
- http://www.openwall.com/lists/oss-security/2010/04/09/1
-Notes:
- exploit in the wild -> this is a high urgency issue:
- http://jon.oberheide.org/files/team-edward.py
-Bugs:
-upstream: needed
-2.6.32-upstream-stable: needed
-linux-2.6: released (2.6.32-12) [bugfix/all/reiserfs-fix-permissions-on-reiserfs_priv.patch]
-2.6.26-lenny-security: N/A "introduced in 2.6.30 commit 677c9b2e"
-2.6.32-squeeze-security: released (2.6.32-12) [bugfix/all/reiserfs-fix-permissions-on-reiserfs_priv.patch]

Added: active/CVE-2010-LIST_POISON-dereference
===================================================================
--- active/CVE-2010-LIST_POISON-dereference	                        (rev 0)
+++ active/CVE-2010-LIST_POISON-dereference	2010-05-13 02:29:31 UTC (rev 1830)
@@ -0,0 +1,11 @@
+Candidate:
+Description:
+ dereferences in LIST_POINTER macros
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [a29815a3]
+2.6.32-upstream-stable: released (2.6.32.13) [5d5890b7c]
+linux-2.6: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch] 
+2.6.26-lenny-security:
+2.6.32-squeeze-security: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch] 
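
Review bot: The description line says "dereferences in LIST_POINTER macros", but the file is named CVE-2010-LIST_POISON-dereference, so the two disagree on the macro name; make the description match the file name if LIST_POISON is what was meant. The "2.6.26-lenny-security:" line is also left empty, while the CVE-2010-1146 entry records an explicit N/A with a reason; fill in a status there so the lenny tree is not silently skipped. Minor: the two "pending" lines carry trailing whitespace.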

Added: active/CVE-2010-inode-dereference
===================================================================
--- active/CVE-2010-inode-dereference	                        (rev 0)
+++ active/CVE-2010-inode-dereference	2010-05-13 02:29:31 UTC (rev 1830)
@@ -0,0 +1,12 @@
+Candidate:
+Description:
+ inode dereference
+References:
+Notes:
+ coding error (not sure if it would be exploitable)
+Bugs:
+upstream: released (2.6.34-rc6) [b338cc82]
+2.6.32-upstream-stable: released (2.6.32.13) [e3a126e62]
+linux-2.6: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch]
+2.6.26-lenny-security:
+2.6.32-squeeze-security: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch]
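
Review bot: "inode dereference" in the Description does not say which subsystem or code path is affected, and with References empty the only pointer left is the commit id b338cc82. Since the Notes line already admits exploitability is unknown, add at least the affected file or function and a link to the upstream commit so someone can triage it, and set "2.6.26-lenny-security:" to a real status instead of leaving it blank.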

Added: active/CVE-2010-memcontrol-null-ptr-dereference
===================================================================
--- active/CVE-2010-memcontrol-null-ptr-dereference	                        (rev 0)
+++ active/CVE-2010-memcontrol-null-ptr-dereference	2010-05-13 02:29:31 UTC (rev 1830)
@@ -0,0 +1,11 @@
+Candidate:
+Description:
+ memcontrol null ptr dereference
+References:
+Notes:
+Bugs:
+upstream: released (2.6.34-rc6) [93d5c9be]
+2.6.32-upstream-stable: released (2.6.32.13) [2d554beb]
+linux-2.6: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch]
+2.6.26-lenny-security:
+2.6.32-squeeze-security: pending (2.6.32-13) [bugfix/all/stable/2.6.32.13.patch]
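
Review bot: "2.6.26-lenny-security:" is empty here and nothing in the entry says whether the lenny kernel carries the affected memcontrol code. Record either "needed" or an N/A with the reason, in the same style as the 'N/A "introduced in 2.6.30 commit 677c9b2e"' line used for CVE-2010-1146. The References field is also empty; a link to the upstream commit 93d5c9be would help.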

Copied: retired/CVE-2010-1146 (from rev 1829, active/CVE-2010-1146)
===================================================================
--- retired/CVE-2010-1146	                        (rev 0)
+++ retired/CVE-2010-1146	2010-05-13 02:29:31 UTC (rev 1830)
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-1146
+Description:
+ reiserfs privilege escalation
+References:
+ http://www.openwall.com/lists/oss-security/2010/04/09/1
+Notes:
+ exploit in the wild -> this is a high urgency issue:
+ http://jon.oberheide.org/files/team-edward.py
+Bugs:
+upstream: released (2.6.34-rc6) [cac36f70]
+2.6.32-upstream-stable: released (2.6.32.13) [aab06bd2]
+linux-2.6: released (2.6.32-12) [bugfix/all/reiserfs-fix-permissions-on-reiserfs_priv.patch]
+2.6.26-lenny-security: N/A "introduced in 2.6.30 commit 677c9b2e"
+2.6.32-squeeze-security: released (2.6.32-12) [bugfix/all/reiserfs-fix-permissions-on-reiserfs_priv.patch]
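
Review bot: This copy is not verbatim: "upstream:" and "2.6.32-upstream-stable:" were "needed" in the deleted active/ file and are "released" with commit ids here, while the header reads "Copied ... (from rev 1829, active/CVE-2010-1146)". Either mention the status update in the log message or make that change in active/ first, so the retire step is a pure move and the status change is visible on its own in the history.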



