[kernel-sec-discuss] r2455 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Sat Aug 20 21:04:48 UTC 2011


Author: jmm
Date: 2011-08-20 21:04:47 +0000 (Sat, 20 Aug 2011)
New Revision: 2455

Modified:
   active/CVE-2010-2943
   active/CVE-2011-1019
   active/CVE-2011-1577
Log:
two issues will be ignored for lenny


Modified: active/CVE-2010-2943
===================================================================
--- active/CVE-2010-2943	2011-08-17 14:02:05 UTC (rev 2454)
+++ active/CVE-2010-2943	2011-08-20 21:04:47 UTC (rev 2455)
@@ -10,5 +10,5 @@
 upstream: release (2.6.35) [7dce11db,7124fe0a,1920779e,7b6259e7]
 2.6.32-upstream-stable: released (2.6.32.30)
 sid: released (2.6.37-1) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
-2.6.26-lenny-security: needed "test case fails on 2.6.26"
+2.6.26-lenny-security: ignored "backport too complex/risky for little risk"
 2.6.32-squeeze-security: released (2.6.32-31) [bugfix/all/xfs-always-use-iget-in-bulkstat.patch, bugfix/all/xfs-validate-untrusted-inode-numbers-during-lookup.patch, bugfix/all/xfs-rename-XFS_IGET_BULKSTAT-to-XFS_IGET_UNTRUSTED.patch, bugfix/all/xfs-remove-block-number-from-inode-lookup-code.patch, bugfix/all/xfs-fix-untrusted-inode-number-lookup.patch]
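
Review bot: on the 2.6.26-lenny-security line, the new reason "backport too complex/risky for little risk" drops the earlier observation that the test case fails on 2.6.26 and leaves no record of why the risk is judged small. The sid and squeeze lines show the fix spans five XFS patches, which supports the complexity claim, but the risk assessment should be recorded in a Notes: entry with jmm> lines, as this revision does for CVE-2011-1019, including what the failing test case indicated on 2.6.26 so the decision can be revisited.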

Modified: active/CVE-2011-1019
===================================================================
--- active/CVE-2011-1019	2011-08-17 14:02:05 UTC (rev 2454)
+++ active/CVE-2011-1019	2011-08-20 21:04:47 UTC (rev 2455)
@@ -3,9 +3,12 @@
  https://lkml.org/lkml/2011/2/24/203
 References:
 Notes:
+ jmm> We won't fix this for Squeeze. This only applies to non-standard setups with fine
+ jmm> grained security capability models, and an attacker can only load modules from
+ jmm> /lib/modules, which is only writable with root privs
 Bugs:
 upstream: released (2.6.38) [8909c9ad8ff03611c9c96c9a92656213e4bb495b, 6dfbd87a20a737641ef228230c77f4262434fa24]
 2.6.32-upstream-stable: released (2.6.32.33)
 sid: released (2.6.38-1)
 2.6.26-lenny-security: N/A "Introduced in 2.6.32 with commit a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c"
-2.6.32-squeeze-security: needed "was deferred when 2.6.32.33 was applied"
+2.6.32-squeeze-security: ignored 
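
Review bot: the added line "2.6.32-squeeze-security: ignored " carries no quoted reason and ends in trailing whitespace, while the ignored status set for CVE-2010-2943 in this same revision has one. The rationale is in the new jmm> notes, but a short quoted reason on the status line, for example "only affects non-standard capability setups", would keep the field self-explanatory. The log message also says the issues are ignored for lenny, whereas this change ignores squeeze (lenny is N/A in this file), so the log should name both suites.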

Modified: active/CVE-2011-1577
===================================================================
--- active/CVE-2011-1577	2011-08-17 14:02:05 UTC (rev 2454)
+++ active/CVE-2011-1577	2011-08-20 21:04:47 UTC (rev 2455)
@@ -4,6 +4,7 @@
  http://www.pre-cert.de/advisories/PRE-SA-2011-03.txt
  http://www.spinics.net/lists/mm-commits/msg83274.html
 Notes:
+ jmm> Submitted for 2.6.32.46
 Bugs:
 upstream: released (3.0-rc1) [3eb8e74ec72736b9b9d728bad30484ec89c91dde]
 2.6.32-upstream-stable: needed
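
Review bot: the added note "Submitted for 2.6.32.46" does not say where the submission was made, so there is nothing to follow up if the patch does not appear in that release; add the list message URL or id next to it. The 2.6.32-upstream-stable line rightly stays at needed and should change to released (2.6.32.46) only once the fix lands. This file's change is also not covered by the log message, which mentions only the two ignored issues.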



