[kernel] r5085 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Dec 25 10:31:09 UTC 2005
Author: jmm-guest
Date: Sun Dec 25 10:31:08 2005
New Revision: 5085
Added:
patch-tracking/CVE-2004-0181
patch-tracking/CVE-2004-0228
patch-tracking/CVE-2004-0229
patch-tracking/CVE-2004-2013
patch-tracking/CVE-2005-3623
Modified:
patch-tracking/CVE-2003-0501
Log:
Four olders issues (some need checking)
One new NFS issue (seems as if Sarge and Woody aren't affected, though)
Modified: patch-tracking/CVE-2003-0501
==============================================================================
--- patch-tracking/CVE-2003-0501 (original)
+++ patch-tracking/CVE-2003-0501 Sun Dec 25 10:31:08 2005
@@ -20,7 +20,7 @@
fail to change the ownership and permissions of those entries.
Notes:
Bugs:
-upstream:
+upstream: released (2.4.22-pre10)
2.6.14: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
Added: patch-tracking/CVE-2004-0181
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-0181 Sun Dec 25 10:31:08 2005
@@ -0,0 +1,26 @@
+Candidate: CVE-2005-0181
+References:
+ http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
+ http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ http://www.securityfocus.com/bid/10143
+ http://xforce.iss.net/xforce/xfdb/15902
+Description:
+ The JFS file system code in Linux 2.4.x has an information leak in which
+ in-memory data is written to the device for the JFS file system, which allows
+ local users to obtain sensitive information by reading the raw device.
+Notes:
+Bugs:
+upstream: released (2.4.26-pre5)
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security: N/A
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Added: patch-tracking/CVE-2004-0228
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-0228 Sun Dec 25 10:31:08 2005
@@ -0,0 +1,30 @@
+Candidate: CVE-2004-0228
+References:
+ http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html
+ http://security.gentoo.org/glsa/glsa-200407-02.xml
+ http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050
+ http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ http://secunia.com/advisories/11429
+ http://secunia.com/advisories/11464
+ http://secunia.com/advisories/11486
+ http://secunia.com/advisories/11491
+ http://secunia.com/advisories/11683
+ http://xforce.iss.net/xforce/xfdb/15951
+Description:
+ Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in
+ Linux kernel 2.6 allows local users to gain privileges.
+Notes:
+ jmm> 2.4 does not have cpufreq
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security: N/A
+2.6.8:
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
Added: patch-tracking/CVE-2004-0229
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-0229 Sun Dec 25 10:31:08 2005
@@ -0,0 +1,16 @@
+Candidate: CVE-2004-0229
+References:
+Description:
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security: N/A
+2.6.8:
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
Added: patch-tracking/CVE-2004-2013
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-2013 Sun Dec 25 10:31:08 2005
@@ -0,0 +1,25 @@
+Candidate: CVE-2004-2013
+References:
+ http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
+ http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2
+ http://www.securityfocus.com/bid/10326
+ http://xforce.iss.net/xforce/xfdb/16117
+Description:
+ Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c
+ in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary
+ code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of
+ memory.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Added: patch-tracking/CVE-2005-3623
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2005-3623 Sun Dec 25 10:31:08 2005
@@ -0,0 +1,20 @@
+Candidate: CVE-2005-3623
+References:
+ http://permalink.gmane.org/gmane.linux.kernel/360868
+Description:
+ We must check for MAY_SATTR before setting acls, which includes
+ checking for read-only exports: the lower-level setxattr operation
+ that eventually sets the acl cannot check export-level restrictions.
+Notes:
+Bugs:
+upstream:
+linux-2.6: pending (2.6.14.5)
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
More information about the Kernel-svn-changes
mailing list