[kernel-sec-discuss] r2854 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Mar 15 13:44:51 UTC 2013 

Author: jmm
Date: 2013-03-15 13:44:29 +0000 (Fri, 15 Mar 2013)
New Revision: 2854

Added:
   active/CVE-2013-2546
   active/CVE-2013-2547
   active/CVE-2013-2548
Removed:
   active/CVE-2013-1825
Log:
CVE ID was split by CVE beaurecrats...


Deleted: active/CVE-2013-1825
===================================================================
--- active/CVE-2013-1825	2013-03-14 15:36:17 UTC (rev 2853)
+++ active/CVE-2013-1825	2013-03-15 13:44:29 UTC (rev 2854)
@@ -1,10 +0,0 @@
-References:
- http://seclists.org/oss-sec/2013/q1/598
-Description: information leak in crypto API
-Notes:
-Bugs:
-upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
-2.6.32-upstream-stable: 
-sid: needed
-2.6.32-squeeze-security:
-3.2-upstream-stable: needed

Added: active/CVE-2013-2546
===================================================================
--- active/CVE-2013-2546	                        (rev 0)
+++ active/CVE-2013-2546	2013-03-15 13:44:29 UTC (rev 2854)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: 
+sid: needed
+2.6.32-squeeze-security:
+3.2-upstream-stable: needed

Added: active/CVE-2013-2547
===================================================================
--- active/CVE-2013-2547	                        (rev 0)
+++ active/CVE-2013-2547	2013-03-15 13:44:29 UTC (rev 2854)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: 
+sid: needed
+2.6.32-squeeze-security:
+3.2-upstream-stable: needed

Added: active/CVE-2013-2548
===================================================================
--- active/CVE-2013-2548	                        (rev 0)
+++ active/CVE-2013-2548	2013-03-15 13:44:29 UTC (rev 2854)
@@ -0,0 +1,12 @@
+References:
+ http://seclists.org/oss-sec/2013/q1/598
+Description: information leak in crypto API
+Notes:
+ jmm> This ID is about
+ jmm> For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME.
+Bugs:
+upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
+2.6.32-upstream-stable: 
+sid: needed
+2.6.32-squeeze-security:
+3.2-upstream-stable: needed

More information about the kernel-sec-discuss mailing list