[kernel] r5095 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Dec 26 13:41:04 UTC 2005
Author: jmm-guest
Date: Mon Dec 26 13:41:03 2005
New Revision: 5095
Added:
patch-tracking/CVE-2003-0187
patch-tracking/CVE-2003-0699
patch-tracking/CVE-2003-0700
Log:
three more issues from 2003
Added: patch-tracking/CVE-2003-0187
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2003-0187 Mon Dec 26 13:41:03 2005
@@ -0,0 +1,24 @@
+Candidate: CVE-2003-0187
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
+ http://oval.mitre.org/oval/definitions/data/oval260.html
+Description:
+ The connection tracking core of Netfilter for Linux 2.4.20, with
+ CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
+ attackers to cause a denial of service (resource consumption) due to an
+ inconsistency with Linux 2.4.20's support of linked lists, which causes
+ Netfilter to fail to identify connections with an UNCONFIRMED status and
+ use large timeouts.
+Notes:
+Bugs:
+upstream: released (2.4.21)
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security: N/A
+2.6.8:
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
Added: patch-tracking/CVE-2003-0699
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2003-0699 Mon Dec 26 13:41:03 2005
@@ -0,0 +1,23 @@
+Candidate: CVE-2003-0699
+References:
+ http://www.redhat.com/support/errata/RHSA-2003-198.html
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://oval.mitre.org/oval/definitions/data/oval387.html
+Description:
+ The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user
+ function to access userspace, which crosses security boundaries and may
+ facilitate the exploitation of vulnerabilities, a different vulnerability than
+ CVE-2003-0700.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
Added: patch-tracking/CVE-2003-0700
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2003-0700 Mon Dec 26 13:41:03 2005
@@ -0,0 +1,23 @@
+Candidate: CVE-2003-0700
+References:
+ http://www.redhat.com/support/errata/RHSA-2003-238.html
+ http://www.redhat.com/support/errata/RHSA-2004-044.html
+ http://oval.mitre.org/oval/definitions/data/oval401.html
+Description:
+ The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user
+ function to access userspace in certain conditions, which crosses security
+ boundaries and may facilitate the exploitation of vulnerabilities, a different
+ vulnerability than CVE-2003-0699.
+Notes:
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
More information about the Kernel-svn-changes
mailing list