[kernel-sec-discuss] r1993 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Oct 8 14:05:42 UTC 2010 

Author: jmm
Date: 2010-10-08 14:05:33 +0000 (Fri, 08 Oct 2010)
New Revision: 1993

Added:
   retired/CVE-2010-3079
Removed:
   active/CVE-2010-3079
Log:
retire issue


Deleted: active/CVE-2010-3079
===================================================================
--- active/CVE-2010-3079	2010-10-08 14:03:15 UTC (rev 1992)
+++ active/CVE-2010-3079	2010-10-08 14:05:33 UTC (rev 1993)
@@ -1,15 +0,0 @@
-Candidate: CVE-2010-3079
-Description:
- kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled,
- does not properly handle interaction between mutex possession and llseek operations,
- which allows local users to cause a denial of service (outage of all function tracing
- files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. 
-References:
- 9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7
-Notes:
-Bugs:
-upstream: released (2.6.35.5)
-2.6.32-upstream-stable: released (2.6.32.22)
-linux-2.6: released (2.6.32-24)
-2.6.26-lenny-security: N/A (Introduced in 2.6.30 (8fc0c701), ftrace not present anyway)
-2.6.32-squeeze-security: released (2.6.32-24)

Copied: retired/CVE-2010-3079 (from rev 1992, active/CVE-2010-3079)
===================================================================
--- retired/CVE-2010-3079	                        (rev 0)
+++ retired/CVE-2010-3079	2010-10-08 14:05:33 UTC (rev 1993)
@@ -0,0 +1,15 @@
+Candidate: CVE-2010-3079
+Description:
+ kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled,
+ does not properly handle interaction between mutex possession and llseek operations,
+ which allows local users to cause a denial of service (outage of all function tracing
+ files) via an lseek call on a file descriptor associated with the set_ftrace_filter file. 
+References:
+ 9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7
+Notes:
+Bugs:
+upstream: released (2.6.35.5)
+2.6.32-upstream-stable: released (2.6.32.22)
+linux-2.6: released (2.6.32-24)
+2.6.26-lenny-security: N/A (Introduced in 2.6.30 (8fc0c701), ftrace not present anyway)
+2.6.32-squeeze-security: released (2.6.32-24)


Property changes on: retired/CVE-2010-3079
___________________________________________________________________
Added: svn:mergeinfo
   +

More information about the kernel-sec-discuss mailing list