[kernel-sec-discuss] r2708 - active
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jul 5 11:39:50 UTC 2012
Author: jmm
Date: 2012-07-05 11:39:49 +0000 (Thu, 05 Jul 2012)
New Revision: 2708
Added:
active/CVE-2012-3375
Modified:
active/CVE-2011-1083
Log:
new epoll issue
Modified: active/CVE-2011-1083
===================================================================
--- active/CVE-2011-1083 2012-06-28 07:00:08 UTC (rev 2707)
+++ active/CVE-2011-1083 2012-07-05 11:39:49 UTC (rev 2708)
@@ -4,6 +4,7 @@
http://thread.gmane.org/gmane.linux.kernel/1105744
http://thread.gmane.org/gmane.linux.kernel/1105744/focus=1105888
Notes:
+ jmm> for the 2.6.32 backport CVE-2012-3375 needs to be considered
Bugs:
upstream: released (3.3-rc1) [28d82dc1c4edbc352129f97f4ca22624d1fe61de]
2.6.32-upstream-stable: needed
Added: active/CVE-2012-3375
===================================================================
--- active/CVE-2012-3375 (rev 0)
+++ active/CVE-2012-3375 2012-07-05 11:39:49 UTC (rev 2708)
@@ -0,0 +1,10 @@
+Description: epoll: can leak file descriptors when returning -ELOOP
+References:
+Notes:
+ jmm> Introduced in 3.3, but change was backported to 3.2.9
+Bugs:
+upstream: released (3.4) [13d518074a952d33d47c428419693f63389547e9]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
+3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list