[kernel-sec-discuss] r2541 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Nov 8 09:10:52 UTC 2011


Author: jmm
Date: 2011-11-08 09:10:51 +0000 (Tue, 08 Nov 2011)
New Revision: 2541

Added:
   retired/CVE-2010-4249
   retired/CVE-2011-2491
   retired/CVE-2011-2492
   retired/CVE-2011-2496
   retired/CVE-2011-2517
   retired/CVE-2011-2525
   retired/CVE-2011-3191
Removed:
   active/CVE-2010-4249
   active/CVE-2011-2491
   active/CVE-2011-2492
   active/CVE-2011-2496
   active/CVE-2011-2517
   active/CVE-2011-2525
   active/CVE-2011-3191
Log:
retire


Deleted: active/CVE-2010-4249
===================================================================
--- active/CVE-2010-4249	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2010-4249	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,42 +0,0 @@
-Candidate: CVE-2010-4249
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b
- http://thread.gmane.org/gmane.linux.network/179049/focus=179051
- http://www.spinics.net/lists/netdev/msg147946.html
- > From Eugene Teo:
- > Reproducer: http://lkml.org/lkml/2010/11/23/395
- > Partial fix: http://lkml.org/lkml/2010/11/23/450
- > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756
-Notes:
- Note from Neil Horman in the RH bugtracker:
- Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution.
- We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next.
- .
- jmm> Looks like the following commits are needed from Linus git?
- jmm> 25888e30319f8896fc656fc68643e6a078263060
- jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b
- jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next)
- dannf> fyi, i have the last two queued up in my tree; it has an
- dannf> abi change which i need to address properly before commit.
- dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in
- dannf> http://lkml.org/lkml/2010/11/23/395.
- dannf> The reproducer associated with 25888e303
- dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has
- dannf> different symptoms (unkillable process vs. OOM) - perhaps it should
- dannf> have a different CVE?
- dannf>
- dannf> I've added CVE-2010-af_unix-recursion to track that issue.
- jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47
-Bugs:
-upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
-2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch]
-
-
-
-
-
-

Deleted: active/CVE-2011-2491
===================================================================
--- active/CVE-2011-2491	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-2491	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,9 +0,0 @@
-Description: NLM: Don't hang forever on NLM unlock requests
-References:
-Notes:
-Bugs:
-upstream: released (3.0-rc5) [0b760113a3a155269a3fba93a409c640031dd68f]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (3.0.0-1)
-2.6.26-lenny-security: released (2.6.26-24lenny4) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]

Deleted: active/CVE-2011-2492
===================================================================
--- active/CVE-2011-2492	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-2492	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,10 +0,0 @@
-Description: bluetooth leaks to userspace
-References:
- http://permalink.gmane.org/gmane.linux.bluez.kernel/12909
-Notes:
-Bugs:
-upstream: released (3.0-rc4) [8d03e971cf403305217b8e62db3a2e5ad2d6263f]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (3.0.0-1)
-2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/CVE-2011-2492.patch]
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch]

Deleted: active/CVE-2011-2496
===================================================================
--- active/CVE-2011-2496	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-2496	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,13 +0,0 @@
-Description: CVE-2011-2496
-References:
- http://www.spinics.net/lists/stable-commits/msg11385.html
- http://www.spinics.net/lists/linux-mm/msg17093.html
- http://groups.google.com/group/fa.linux.kernel/msg/9e43ab898c5e6d16
-Notes:
- jmm> Only 9821 was merged in 2.6.32.37, the other two only added in 2.6.32.47
-Bugs:
-upstream: released (2.6.39) [982134ba62618c2d69fbbbd166d0a11ee3b7e3d8, a626ca6a656450e9f4df91d0dda238fff23285f4, 42c36f63ac1366ab0ecc2d5717821362c259f517]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (2.6.39-1)
-2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/mm-avoid-wrapping-vm_pgoff-in-mremap.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/stable/2.6.32.37.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]

Deleted: active/CVE-2011-2517
===================================================================
--- active/CVE-2011-2517	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-2517	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,10 +0,0 @@
-Description: nl80211: missing check for valid SSID size in scan operations
-References: 
-Notes:
- jmm> Requires CAP_NET_ADMIN
-Bugs:
-upstream: released (3.0-rc3) [208c72f4fe44fe09577e7975ba0e7fa0278f3d03 , 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (2.6.39-3)
-2.6.26-lenny-security: N/A "Introduced in 2.6.29"
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nl80211-fix-check-for-valid-SSID-size-in-scan-operations.patch, bugfix/all/nl80211-fix-overflow-in-ssid_len.patch]

Deleted: active/CVE-2011-2525
===================================================================
--- active/CVE-2011-2525	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-2525	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,9 +0,0 @@
-Description: net_sched: fix qdisc_notify()
-References:
-Notes:
-Bugs:
-upstream: released (2.6.35) [53b0f08042f04813cd1a7473dacd3edfacb28eb3]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (2.6.35-1)
-2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net_sched-Fix-qdisc_notify.patch]

Deleted: active/CVE-2011-3191
===================================================================
--- active/CVE-2011-3191	2011-11-08 09:10:00 UTC (rev 2540)
+++ active/CVE-2011-3191	2011-11-08 09:10:51 UTC (rev 2541)
@@ -1,11 +0,0 @@
-Description: cifs: signedness issue in CIFSFindNext()
-References:
- http://www.spinics.net/lists/linux-cifs/msg03950.html
- https://bugzilla.redhat.com/show_bug.cgi?id=732869  
-Notes:
-Bugs:
-upstream: released (3.1-rc7) [9438fabb73eb48055b58b89fc51e0bc4db22fabd]
-2.6.32-upstream-stable: released (2.6.32.47)
-sid: released (3.0.0-5) [bugfix/all/stable/3.0.5.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
-2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]

Copied: retired/CVE-2010-4249 (from rev 2540, active/CVE-2010-4249)
===================================================================
--- retired/CVE-2010-4249	                        (rev 0)
+++ retired/CVE-2010-4249	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,42 @@
+Candidate: CVE-2010-4249
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b
+ http://thread.gmane.org/gmane.linux.network/179049/focus=179051
+ http://www.spinics.net/lists/netdev/msg147946.html
+ > From Eugene Teo:
+ > Reproducer: http://lkml.org/lkml/2010/11/23/395
+ > Partial fix: http://lkml.org/lkml/2010/11/23/450
+ > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756
+Notes:
+ Note from Neil Horman in the RH bugtracker:
+ Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution.
+ We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next.
+ .
+ jmm> Looks like the following commits are needed from Linus git?
+ jmm> 25888e30319f8896fc656fc68643e6a078263060
+ jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b
+ jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next)
+ dannf> fyi, i have the last two queued up in my tree; it has an
+ dannf> abi change which i need to address properly before commit.
+ dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in
+ dannf> http://lkml.org/lkml/2010/11/23/395.
+ dannf> The reproducer associated with 25888e303
+ dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has
+ dannf> different symptoms (unkillable process vs. OOM) - perhaps it should
+ dannf> have a different CVE?
+ dannf>
+ dannf> I've added CVE-2010-af_unix-recursion to track that issue.
+ jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47
+Bugs:
+upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch]
+
+
+
+
+
+
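Review bot: the entry is being retired with an empty Description: field, and its upstream commit list still includes 25888e30319f8896fc656fc68643e6a078263060, which dannf's note says has a different reproducer and different symptoms and is tracked separately as CVE-2010-af_unix-recursion. Fill in the description and either drop that commit from this entry or add a note that it is cross-listed on purpose. The squeeze-security line has the same ambiguity: it lists bugfix/all/af_unix-limit-recursion-level.patch, while sid and lenny-security list only two patches. The move would also be a good point to fix "Note that9915672d..." (missing space) and remove the six trailing blank lines.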


Property changes on: retired/CVE-2010-4249
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-2491 (from rev 2540, active/CVE-2011-2491)
===================================================================
--- retired/CVE-2011-2491	                        (rev 0)
+++ retired/CVE-2011-2491	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,9 @@
+Description: NLM: Don't hang forever on NLM unlock requests
+References:
+Notes:
+Bugs:
+upstream: released (3.0-rc5) [0b760113a3a155269a3fba93a409c640031dd68f]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-1)
+2.6.26-lenny-security: released (2.6.26-24lenny4) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
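Review bot: the 2.6.26-lenny-security line gives the fixed version as 2.6.26-24lenny4, while every other entry retired in this revision that names a lenny4 upload gives 2.6.26-26lenny4. Please confirm which upload carried nlm-dont-hang-forever-on-nlm-unlock-requests.patch and correct the version if this is a typo, since the retired file becomes the long-term record. References: is also empty; a pointer to the upstream commit discussion would help.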


Property changes on: retired/CVE-2011-2491
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-2492 (from rev 2540, active/CVE-2011-2492)
===================================================================
--- retired/CVE-2011-2492	                        (rev 0)
+++ retired/CVE-2011-2492	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,10 @@
+Description: bluetooth leaks to userspace
+References:
+ http://permalink.gmane.org/gmane.linux.bluez.kernel/12909
+Notes:
+Bugs:
+upstream: released (3.0-rc4) [8d03e971cf403305217b8e62db3a2e5ad2d6263f]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/CVE-2011-2492.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch]


Property changes on: retired/CVE-2011-2492
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-2496 (from rev 2540, active/CVE-2011-2496)
===================================================================
--- retired/CVE-2011-2496	                        (rev 0)
+++ retired/CVE-2011-2496	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,13 @@
+Description: CVE-2011-2496
+References:
+ http://www.spinics.net/lists/stable-commits/msg11385.html
+ http://www.spinics.net/lists/linux-mm/msg17093.html
+ http://groups.google.com/group/fa.linux.kernel/msg/9e43ab898c5e6d16
+Notes:
+ jmm> Only 9821 was merged in 2.6.32.37, the other two only added in 2.6.32.47
+Bugs:
+upstream: released (2.6.39) [982134ba62618c2d69fbbbd166d0a11ee3b7e3d8, a626ca6a656450e9f4df91d0dda238fff23285f4, 42c36f63ac1366ab0ecc2d5717821362c259f517]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.39-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/mm-avoid-wrapping-vm_pgoff-in-mremap.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/stable/2.6.32.37.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
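Review bot: the Description: field only repeats the CVE id, so the retired entry does not say what the issue is. The patch names on the lenny and squeeze lines (vm_pgoff wrap in mremap, stack expansion and upward expansion) give enough to write a one-line description. In the jmm note, "9821" abbreviates 982134ba62618c2d69fbbbd166d0a11ee3b7e3d8; naming the other two commits there as well would make clear which fixes arrived only in 2.6.32.47.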


Property changes on: retired/CVE-2011-2496
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-2517 (from rev 2540, active/CVE-2011-2517)
===================================================================
--- retired/CVE-2011-2517	                        (rev 0)
+++ retired/CVE-2011-2517	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,10 @@
+Description: nl80211: missing check for valid SSID size in scan operations
+References: 
+Notes:
+ jmm> Requires CAP_NET_ADMIN
+Bugs:
+upstream: released (3.0-rc3) [208c72f4fe44fe09577e7975ba0e7fa0278f3d03 , 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.39-3)
+2.6.26-lenny-security: N/A "Introduced in 2.6.29"
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nl80211-fix-check-for-valid-SSID-size-in-scan-operations.patch, bugfix/all/nl80211-fix-overflow-in-ssid_len.patch]
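Review bot: style point on the upstream: line, where the commit list has a stray space before the comma ("208c72f4fe44fe09577e7975ba0e7fa0278f3d03 , 57a27e1d..."), unlike the other entries; anything that splits this list on ", " will keep a trailing space on the first hash. The References: line also carries trailing whitespace and no reference, although the entry lists two upstream commits and two squeeze patches.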


Property changes on: retired/CVE-2011-2517
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-2525 (from rev 2540, active/CVE-2011-2525)
===================================================================
--- retired/CVE-2011-2525	                        (rev 0)
+++ retired/CVE-2011-2525	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,9 @@
+Description: net_sched: fix qdisc_notify()
+References:
+Notes:
+Bugs:
+upstream: released (2.6.35) [53b0f08042f04813cd1a7473dacd3edfacb28eb3]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.35-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net_sched-Fix-qdisc_notify.patch]


Property changes on: retired/CVE-2011-2525
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2011-3191 (from rev 2540, active/CVE-2011-3191)
===================================================================
--- retired/CVE-2011-3191	                        (rev 0)
+++ retired/CVE-2011-3191	2011-11-08 09:10:51 UTC (rev 2541)
@@ -0,0 +1,11 @@
+Description: cifs: signedness issue in CIFSFindNext()
+References:
+ http://www.spinics.net/lists/linux-cifs/msg03950.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=732869  
+Notes:
+Bugs:
+upstream: released (3.1-rc7) [9438fabb73eb48055b58b89fc51e0bc4db22fabd]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-5) [bugfix/all/stable/3.0.5.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]


Property changes on: retired/CVE-2011-3191
___________________________________________________________________
Added: svn:mergeinfo
   + 



