[kernel] r4740 - people/dannf/patchinfo

Dann Frazier dannf at costa.debian.org
Tue Nov 8 07:55:45 UTC 2005


Author: dannf
Date: Tue Nov  8 07:55:43 2005
New Revision: 4740

Modified:
   people/dannf/patchinfo/00boilerplate
   people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff
   people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff
   people/dannf/patchinfo/CAN-2005-1764
   people/dannf/patchinfo/CAN-2005-1768
   people/dannf/patchinfo/CAN-2005-1913
   people/dannf/patchinfo/CAN-2005-2098
   people/dannf/patchinfo/CAN-2005-2099
   people/dannf/patchinfo/CAN-2005-2457
   people/dannf/patchinfo/CAN-2005-2458
   people/dannf/patchinfo/CAN-2005-2459
   people/dannf/patchinfo/CAN-2005-2490
   people/dannf/patchinfo/CAN-2005-2492
   people/dannf/patchinfo/CAN-2005-2548
   people/dannf/patchinfo/CAN-2005-2553
   people/dannf/patchinfo/CAN-2005-2872
   people/dannf/patchinfo/CAN-2005-2873
   people/dannf/patchinfo/CAN-2005-3044
   people/dannf/patchinfo/CAN-2005-3053
   people/dannf/patchinfo/CAN-2005-3055
   people/dannf/patchinfo/CAN-2005-3105
   people/dannf/patchinfo/CAN-2005-3106
   people/dannf/patchinfo/CAN-2005-3107
   people/dannf/patchinfo/CAN-2005-3108
   people/dannf/patchinfo/CAN-2005-3109
   people/dannf/patchinfo/CAN-2005-3110
   people/dannf/patchinfo/CAN-2005-3119
   people/dannf/patchinfo/CAN-2005-3179
   people/dannf/patchinfo/CAN-2005-3180
   people/dannf/patchinfo/CAN-2005-3181
   people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply
   people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch
   people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch
   people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch
   people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch
   people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch
   people/dannf/patchinfo/net-rose-ndigis-verify.dpatch
   people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch
   people/dannf/patchinfo/plug-names_cache-memleak.dpatch
   people/dannf/patchinfo/setkeys-needs-root.patch
   people/dannf/patchinfo/sys_get_thread_area-leak.dpatch
Log:
get all patches in the same format (which requires a few tweaks)


Modified: people/dannf/patchinfo/00boilerplate
==============================================================================
--- people/dannf/patchinfo/00boilerplate	(original)
+++ people/dannf/patchinfo/00boilerplate	Tue Nov  8 07:55:43 2005
@@ -1,25 +1,31 @@
-A boilerplate for tracking the status of patches across Debian Kernel trees.
-dannf> should anything go above this line?
-dannf> should we use debian-style rfc822 for this for machine readability?
-======================================================
-Candidate: ##NEEDED## | CAN-XXXX-XXXX | N/A
-Reference: CONFIRM:##URL## 
-Reference: MISC:##URL## 
+## A list of valid fields for patch description files, with examples
+Candidate: ##NEEDED## | CAN/CVE-XXXX-XXXX | N/A
+References:
+ CONFIRM:##URL##
+ MISC:##URL## 
 Description: 
- ##NEEDED## dannf> can a single description work for the cve,
- dannf> the changelog, and the DSA?
- dannf> should this use debian/control style multiline?
- dannf> should we have a short description?
+ Summary of the issue
+ .
+ Might be used for requesting a CVE, or included in a DSA
+Notes:
+ Notes for internal use by the kernel team
+Bug: 123456, 123457
+## per-tree status.
+##  pending: fix has been committed to svn
+##  released: we've cut a version with this fix in it
+##  needed: bug is applicable to this tree and needs a fix
+##  An empty value means that someone needs to determine the relevancy for this tree
+## 
+##
+## status maybe followed by a version string in ()'s, and/or a patchname in []'s
+## Prerequisite patches maybe listed in [] as well, even though they may not be
+## directly part of the fix.
+upstream: released (2.6.12, 2.4.29-rc3), pending (2.6.11.3)
+2.6.13: pending
+2.6.12: pending (2.6.12-9)
+2.6.8-sarge-security: released (2.6.8-16sarge1) [patchname.patch, prerequisite.dpatch, prerequisite2.dpatch]
+2.4.27-sarge-security: needed
+2.4.27: N/A
 
-Bug: [id, id, ...]
-fixed-upstream: [version(, version)*]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
-2.6.8-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
-2.4.27-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
-woody kernels?
-... one line for each currently maintained tree
 
-dannf> what does backported mean?  the patch didn't apply & needed munging,
-dannf> or just that we used a patch intended for a newer tree, that may have
-dannf> applied cleanly?
+## Should released tag be renamed to fixed?
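Review bot: The per-tree status comments define only pending, released and needed, but the example line `2.4.27: N/A` uses a fourth value that is never documented. Add a `##  N/A:` line saying what it means (for example, that the tree is not affected) so it cannot be confused with an empty value. Also, "status maybe followed" and "patches maybe listed" should read "may be", and the two consecutive empty `##` lines can be collapsed into one.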

Modified: people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff
==============================================================================
--- people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff	(original)
+++ people/dannf/patchinfo/168_fs_ext3_64bit_offset.diff	Tue Nov  8 07:55:43 2005
@@ -1,6 +1,2 @@
 Candidate: ##NEEDED##
-Bug:
-URL:
-Description:
 2.4.27-sarge-security: pending (2.4.27-10sarge1)
-fixed-upstream:
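Review bot: With `Description:` and `fixed-upstream:` removed and nothing added in their place, this file ends up with no `Description:` and no `upstream:` field, although the new 00boilerplate lists both. Keeping `Description:` and an empty `upstream:` would match the boilerplate's rule that an empty value means someone still needs to determine the status.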

Modified: people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff
==============================================================================
--- people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff	(original)
+++ people/dannf/patchinfo/184_arch-x86_64-ia32-ptrace32-oops.diff	Tue Nov  8 07:55:43 2005
@@ -1,18 +1,17 @@
-======================================================
 Candidate: CVE-2005-2553
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
-Reference: CONFIRM:http://lkml.org/lkml/2005/1/5/245
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
+References:
+ URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553
+ CONFIRM:http://lkml.org/lkml/2005/1/5/245
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
 Description:
  The find_target function in ptrace32.c in the Linux kernel 2.4.x
  before 2.4.29 does not properly handle a NULL return value from
  another function, which allows local users to cause a denial of
  service (kernel crash/oops) by running a 32-bit ltrace program with
  the -i option on a 64-bit executable program.  
-
-Bug: [id, id, ...]
-fixed-upstream: [2.4.29]
-2.6.13: (N/A)
-2.6.12: (N/A)
-2.6.8-sarge-security: (N/A)
+Bugs:
+upstream: (2.4.29)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge-security: N/A
 2.4.27-sarge-security: pending (2.4.27-10sarge1)
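Review bot: `+upstream: (2.4.29)` has a version but no status keyword, so it does not follow the boilerplate's "status (version)" form; it should read `upstream: released (2.4.29)`. The field is also spelled `Bugs:` here while 00boilerplate uses `Bug:`; pick one spelling so all files share the same field names.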

Modified: people/dannf/patchinfo/CAN-2005-1764
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1764	(original)
+++ people/dannf/patchinfo/CAN-2005-1764	Tue Nov  8 07:55:43 2005
@@ -1,28 +1,25 @@
-======================================================
 Candidate: CAN-2005-1764
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1764
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050531
-Category: SF
-Reference:
-CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
-Reference:
-CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
-Reference: URL:http://freshmeat.net/articles/view/1678/
-
-Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
-page for the 47-bit address page to protect against an AMD K8 bug,
-which allows local users to cause a denial of service.
-
-Notes by Horms.
-I beleive that only 2.6.11 is vulnerable to this
-upstream: 2.6.11.11: x86_64-add-guard-page.patch
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1764
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=637716a3825e186555361574aa1fa3c0ebf8018b
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018bReference: SUSE:SUSE-SA:2005:029
+ URL:http://freshmeat.net/articles/view/1678/
+Description:
+ Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard
+ page for the 47-bit address page to protect against an AMD K8 bug,
+ which allows local users to cause a denial of service.
+Notes:
+ horms> I believe that only 2.6.11 is vulnerable to this
+upstream: released (2.6.11.11)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
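Review bot: The second `CONFIRM:` line still ends in `...ebf8018bReference: SUSE:SUSE-SA:2005:029`, a run-together carried over from the old file. Split it so the commitdiff URL ends at the hash and ` SUSE:SUSE-SA:2005:029` is its own entry under `References:`. The MITRE record fields (`Final-Decision:` through `Category: SF`) are now nested under `References:` although they are not references and 00boilerplate does not list them; consider dropping them or giving them their own field.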

Modified: people/dannf/patchinfo/CAN-2005-1768
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1768	(original)
+++ people/dannf/patchinfo/CAN-2005-1768	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,32 @@
-======================================================
 Candidate: CAN-2005-1768
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050531
-Category: SF
-Reference: BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
-Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
-Reference: MISC:http://www.suresec.org/advisories/adv4.pdf
-
-Race condition in the ia32 compatibility code for the execve system
-call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
-local users to cause a denial of service (kernel panic) and possibly
-execute arbitrary code via a concurrent thread that increments a
-pointer count after the nargs function has counted the pointers, but
-before the count is copied from user space to kernel space, which
-leads to a buffer overflow.
-
-Notes by Horms:
-upstream: 2.4.31 / 2.6.6
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: fixed in 2.4.27-11: 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
-2.4.27-sarge-security: fixed in 2.4.27-10sarge1: 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050531
+ Category: SF
+ BUGTRAQ:20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64)
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
+ MISC:http://www.suresec.org/advisories/adv4.pdf
+Description:
+ Race condition in the ia32 compatibility code for the execve system
+ call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
+ local users to cause a denial of service (kernel panic) and possibly
+ execute arbitrary code via a concurrent thread that increments a
+ pointer count after the nargs function has counted the pointers, but
+ before the count is copied from user space to kernel space, which
+ leads to a buffer overflow.
+Notes:
+ 167_arch-ia64-x86_64_execve.diff (note 2.4 is not supported for amd64)
+upstream: released (2.4.31, 2.6.6)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: released (2.4.27-11)
+2.4.27-sarge-security: released (2.4.27-10sarge1)
 
 
 
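Review bot: The patch name `167_arch-ia64-x86_64_execve.diff` has moved into `Notes:`, and the two `released` lines for the 2.4.27 trees no longer carry it, while 00boilerplate puts patch names in [] on the status line. Suggest `2.4.27-sid/sarge: released (2.4.27-11) [167_arch-ia64-x86_64_execve.diff]`, the same for 2.4.27-sarge-security, and keeping only the amd64 remark in `Notes:`.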

Modified: people/dannf/patchinfo/CAN-2005-1913
==============================================================================
--- people/dannf/patchinfo/CAN-2005-1913	(original)
+++ people/dannf/patchinfo/CAN-2005-1913	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,31 @@
-======================================================
 Candidate: CAN-2005-1913
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050608
-Category: SF
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
-Reference: UBUNTU:USN-178-1
-Reference: URL:http://www.ubuntu.com/usn/usn-178-1
-Reference: BID:14054
-Reference: URL:http://www.securityfocus.com/bid/14054
-Reference: SECUNIA:15786
-Reference: URL:http://secunia.com/advisories/15786/
-Reference: XF:kernel-subthread-dos(21138)
-Reference: URL:http://xforce.iss.net/xforce/xfdb/21138
-
-The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
-denial of service (kernel panic) via a non group-leader thread
-executing a different program than was pending in itimer, which causes
-the signal to be delivered to the old group-leader task, which does
-not exist.
-
-Notes Horms:
-upstream: 2.6.12.1
-2.6.12: fixed in 2.6.12-1: linux-2.6.12.1.patch
-2.6.8-sarge: not applicable
-2.6.8-sarge-security: not applicable
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050608
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14054
+ URL:http://www.securityfocus.com/bid/14054
+ SECUNIA:15786
+ URL:http://secunia.com/advisories/15786/
+ XF:kernel-subthread-dos(21138)
+ URL:http://xforce.iss.net/xforce/xfdb/21138
+Description:
+ The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a
+ denial of service (kernel panic) via a non group-leader thread
+ executing a different program than was pending in itimer, which causes
+ the signal to be delivered to the old group-leader task, which does
+ not exist.
+Notes:
+upstream: released (2.6.12.1)
+2.6.12: released (2.6.12-1) [linux-2.6.12.1.patch]
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
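Review bot: There is no `2.6.13:` line in this file, unlike the neighbouring entries, so that tree's status is not recorded at all. Add `2.6.13:` (left empty if undetermined, as the boilerplate describes). The added `Notes:` field has no content and can be omitted.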

Modified: people/dannf/patchinfo/CAN-2005-2098
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2098	(original)
+++ people/dannf/patchinfo/CAN-2005-2098	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,30 @@
-======================================================
 Candidate: CAN-2005-2098
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050630
-Category: SF
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
-Reference: UBUNTU:USN-169-1
-Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
-Reference: SECUNIA:16355
-Reference: URL:http://secunia.com/advisories/16355/
-
-The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
-2.6.12.5 contains an error path that does not properly release the
-session management semaphore, which allows local users or remote
-attackers to cause a denial of service (semaphore hang) via a new
-session keyring (1) with an empty name string, (2) with a long name
-string, (3) with the key quota reached, or (4) ENOMEM.
-
-Notes by Horms:
-upstream: 2.6.12.5
-2.6.13: not vulnerable
-2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
+ 2.6.12.5 contains an error path that does not properly release the
+ session management semaphore, which allows local users or remote
+ attackers to cause a denial of service (semaphore hang) via a new
+ session keyring (1) with an empty name string, (2) with a long name
+ string, (3) with the key quota reached, or (4) ENOMEM.
+upstream: released (2.6.12.5)
+2.6.13: N/A
+2.6.12: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
 
 

Modified: people/dannf/patchinfo/CAN-2005-2099
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2099	(original)
+++ people/dannf/patchinfo/CAN-2005-2099	Tue Nov  8 07:55:43 2005
@@ -1,31 +1,27 @@
-======================================================
 Candidate: CAN-2005-2099
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050630
-Category: SF
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
-Reference: UBUNTU:USN-169-1
-Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
-Reference: SECUNIA:16355
-Reference: URL:http://secunia.com/advisories/16355/
-
-The Linux kernel before 2.6.12.5 does not properly destroy a keyring
-that is not instantiated properly, which allows local users or remote
-attackers to cause a denial of service (kernel oops) via a keyring
-with a payload that is not empty, which causes the creation to fail,
-leading toa null dereference in the keyring destructor.
-
-Notes by Horms:
-upstream: 2.6.12.5
-2.6.13: not vulnerable
-2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
-
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050630
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring
+ that is not instantiated properly, which allows local users or remote
+ attackers to cause a denial of service (kernel oops) via a keyring
+ with a payload that is not empty, which causes the creation to fail,
+ leading toa null dereference in the keyring destructor.
+upstream: released (2.6.12.5)
+2.6.13: N/A
+2.6.12: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
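Review bot: The last line of the Description still reads "leading toa null dereference". Since the boilerplate says this text might be included in a DSA, fix it to "leading to a null dereference" as part of the reformat.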

Modified: people/dannf/patchinfo/CAN-2005-2457
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2457	(original)
+++ people/dannf/patchinfo/CAN-2005-2457	Tue Nov  8 07:55:43 2005
@@ -1,32 +1,29 @@
-======================================================
 Candidate: CAN-2005-2457
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050804
-Category: SF
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
-Reference: UBUNTU:USN-169-1
-Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
-Reference: BID:14614
-Reference: URL:http://www.securityfocus.com/bid/14614
-Reference: SECUNIA:16355
-Reference: URL:http://secunia.com/advisories/16355/
-
-The driver for compressed ISO file systems (zisofs) in the Linux
-kernel before 2.6.12.5 allows local users and remote attackers to
-cause a denial of service (kernel crash) via a crafted compressed ISO
-file system.
-
-Notes by Horms:
-upstream: 2.6.12.5
-2.6.13: not vulnerable
-2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
-2.6.8-sarge: in svn: zisofs.dpatch
-2.6.8-sarge-security: in svn: zisofs.diff
-2.4.27-sid/sarge: in svn: 187_zisofs-2.diff
-2.4.27-sarge-security: in svn: 187_zisofs-2.diff
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050804
+ Category: SF
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ BID:14614
+ URL:http://www.securityfocus.com/bid/14614
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The driver for compressed ISO file systems (zisofs) in the Linux
+ kernel before 2.6.12.5 allows local users and remote attackers to
+ cause a denial of service (kernel crash) via a crafted compressed ISO
+ file system.
+upstream: released (2.6.12.5)
+2.6.13: N/A
+2.6.12: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge: pending [zisofs.dpatch]
+2.6.8-sarge-security: pending [zisofs.diff]
+2.4.27-sid/sarge: pending [187_zisofs-2.diff]
+2.4.27-sarge-security: pending [187_zisofs-2.diff]
 

Modified: people/dannf/patchinfo/CAN-2005-2458
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2458	(original)
+++ people/dannf/patchinfo/CAN-2005-2458	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,29 @@
-======================================================
 Candidate: CAN-2005-2458
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050805
-Category: SF
-Reference: MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file
-Reference: URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
-Reference: UBUNTU:USN-169-1
-Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
-Reference: SECUNIA:16355
-Reference: URL:http://secunia.com/advisories/16355/
-
-inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
-allows remote attackers to cause a denial of service (kernel crash)
-via a compressed file with "improper tables".
-y}
-
-Notes by Horms:
-upstream: 2.6.12.5
-2.6.13: not vulnerable
-2.6.12: fixed in 2.6.12-3: linux-2.6.12.5.patch
-2.6.8-sarge: in svn: linux-zlib-fixes.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: linux-zlib-fixes.dpatch
-2.4.27-sid/sarge: fixed in 2.4.27-11: 182_linux-zlib-fixes.diff
-2.4.27-sarge-security: fixed in 2.4.27-10sarge1: 182_linux-zlib-fixes.diff
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050805
+ Category: SF
+ MLIST:[bug-gnu-utils] 19990625 Re: bug in gzip: segfault when doing "gzip -t" on a broken file
+ URL:http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
+ allows remote attackers to cause a denial of service (kernel crash)
+ via a compressed file with "improper tables".
+upstream: released (2.6.12.5)
+2.6.13: N/A
+2.6.12: released (2.6.12-3) [linux-2.6.12.5.patch]
+2.6.8-sarge: pending [linux-zlib-fixes.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [linux-zlib-fixes.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [182_linux-zlib-fixes.diff]
+2.4.27-sarge-security: released (2.4.27-10sarge1) [182_linux-zlib-fixes.diff]
 
 

Modified: people/dannf/patchinfo/CAN-2005-2459
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2459	(original)
+++ people/dannf/patchinfo/CAN-2005-2459	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,33 @@
-======================================================
 Candidate: CAN-2005-2459
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050805
-Category: SF
-Reference: MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584
-Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
-Reference: UBUNTU:USN-169-1
-Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
-Reference: SECUNIA:16355
-Reference: URL:http://secunia.com/advisories/16355/
-
-The huft_build function in inflate.c in the zlib routines in the Linux
-kernel before 2.6.12.5 returns the wrong value, which allows remote
-attackers to cause a denial of service (kernel crash) via a certain
-compressed file that leads to a null pointer dereference, a different
-vulnerbility than CAN-2005-2458.
-
-Notes by Horms:
-upstream: not vulnerable (a bogus fix was applied in 2.6.12.5 and reverted in 2.6.12.6)
-http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: in svn: not vulnerable
-2.4.27-sarge-security: not vulnerable
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050805
+ Category: SF
+ MISC:http://bugs.gentoo.org/show_bug.cgi?id=94584
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
+ UBUNTU:USN-169-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-169-1
+ SECUNIA:16355
+ URL:http://secunia.com/advisories/16355/
+Description:
+ The huft_build function in inflate.c in the zlib routines in the Linux
+ kernel before 2.6.12.5 returns the wrong value, which allows remote
+ attackers to cause a denial of service (kernel crash) via a certain
+ compressed file that leads to a null pointer dereference, a different
+ vulnerability than CAN-2005-2458.
+Notes:
+ This is a bogus fix that was applied in 2.6.12.5 and reverted in 2.6.12.6
+ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
+upstream: released (2.6.12.6)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
 
 
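Review bot: `+upstream: released (2.6.12.6)` changes the meaning of the old entry, which said upstream was not vulnerable and that 2.6.12.6 only reverted a bogus fix applied in 2.6.12.5. Under the boilerplate, released means a version was cut with the fix in it. With every Debian tree at N/A, `upstream: N/A` would match the old status, and the `Notes:` text already keeps the revert history.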

Modified: people/dannf/patchinfo/CAN-2005-2490
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2490	(original)
+++ people/dannf/patchinfo/CAN-2005-2490	Tue Nov  8 07:55:43 2005
@@ -1,34 +1,32 @@
-======================================================
 Candidate: CAN-2005-2490
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050808
-Category: SF
-Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
-Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
-Reference: UBUNTU:USN-178-1
-Reference: URL:http://www.ubuntu.com/usn/usn-178-1
-Reference: BID:14785
-Reference: URL:http://www.securityfocus.com/bid/14785
-Reference: SECUNIA:16747
-Reference: URL:http://secunia.com/advisories/16747/
-Reference: XF:kernel-sendmsg-bo(22217)
-Reference: URL:http://xforce.iss.net/xforce/xfdb/22217
-
-Stack-based buffer overflow in the sendmsg function call in the Linux
-kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
-by calling sendmsg and modifying the message contents in another
-thread.
-
-Notes Horms:
-upstream: 2.6.13.1
-2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
-2.6.12: fixed in 2.6.12-7: sendmsg-stackoverflow.patch
-2.6.8-sarge: applied
-2.6.8-sarge-security: applied
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
+References
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14785
+ URL:http://www.securityfocus.com/bid/14785
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-sendmsg-bo(22217)
+ URL:http://xforce.iss.net/xforce/xfdb/22217
+Description:
+ Stack-based buffer overflow in the sendmsg function call in the Linux
+ kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code
+ by calling sendmsg and modifying the message contents in another
+ thread.
+upstream: released (2.6.13.1)
+2.6.13: released (2.6.13-1) [linux-2.6.13.1.patch]
+2.6.12: released (2.6.12-7) [sendmsg-stackoverflow.patch]
+2.6.8-sarge: pending
+2.6.8-sarge-security: pending
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
 
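Review bot: `+References` is missing its trailing colon, so the field name differs from `References:` in every other file and a field parser would not recognise it. Separately, the old `applied` status for the two 2.6.8 trees became `pending` with no patch name; confirm that is the intended mapping and add the patch name in [] if it is known.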

Modified: people/dannf/patchinfo/CAN-2005-2492
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2492	(original)
+++ people/dannf/patchinfo/CAN-2005-2492	Tue Nov  8 07:55:43 2005
@@ -1,33 +1,30 @@
-======================================================
 Candidate: CAN-2005-2492
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2492
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050808
-Category: SF
-Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
-Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
-Reference: UBUNTU:USN-178-1
-Reference: URL:http://www.ubuntu.com/usn/usn-178-1
-Reference: BID:14787
-Reference: URL:http://www.securityfocus.com/bid/14787
-Reference: SECUNIA:16747
-Reference: URL:http://secunia.com/advisories/16747/
-Reference: XF:kernel-rawsendmsg-obtain-information(22218)
-Reference: URL:http://xforce.iss.net/xforce/xfdb/22218
-
-The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
-allows local users to cause a denial of service (change hardware
-state) or read from arbitrary memory via crafted input.
-
-Notes Horms:
-upstream: 2.6.13.1
-2.6.13: fixed in 2.6.13-1: linux-2.6.13.1.patch
-2.6.12: fixed in 2.6.12-7: sendmsg-DoS.patch
-2.6.8-sarge: not applicable
-2.6.8-sarge-security: not applicable
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2492
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050808
+ Category: SF
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
+ UBUNTU:USN-178-1
+ URL:http://www.ubuntu.com/usn/usn-178-1
+ BID:14787
+ URL:http://www.securityfocus.com/bid/14787
+ SECUNIA:16747
+ URL:http://secunia.com/advisories/16747/
+ XF:kernel-rawsendmsg-obtain-information(22218)
+ URL:http://xforce.iss.net/xforce/xfdb/22218
+Description:
+ The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
+ allows local users to cause a denial of service (change hardware
+ state) or read from arbitrary memory via crafted input.
+upstream: released (2.6.13.1)
+2.6.13: released (2.6.13-1) [linux-2.6.13.1.patch]
+2.6.12: released (2.6.12-7): [sendmsg-DoS.patch]
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
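Review bot: `+2.6.12: released (2.6.12-7): [sendmsg-DoS.patch]` has a stray colon between the version and the patch list, left over from the old "fixed in ...:" form. The other converted lines use `released (version) [patch]` with no colon.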

Modified: people/dannf/patchinfo/CAN-2005-2548
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2548	(original)
+++ people/dannf/patchinfo/CAN-2005-2548	Tue Nov  8 07:55:43 2005
@@ -1,27 +1,25 @@
-======================================================
 Candidate: CAN-2005-2548
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050812
-Category: SF
-Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
-
-vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
-denial of service (kernel oops from null dereference) via certain UDP
-packets that lead to a function call with the wrong argument, as
-demonstrated using snmpwalk on snmpd.
-
-Notes by Horms:
-upstream: 2.4.29
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: in svn: vlan-mii-ioctl.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: vlan-mii-ioctl.dpatch
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050812
+ Category: SF
+ CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308
+Description:
+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
+ denial of service (kernel oops from null dereference) via certain UDP
+ packets that lead to a function call with the wrong argument, as
+ demonstrated using snmpwalk on snmpd.
+upstream: released (2.4.29)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [vlan-mii-ioctl.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [vlan-mii-ioctl.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
 
 
 
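Review bot: the four `not vulnerable` entries (2.6.13, 2.6.12 and both 2.4.27 lines) become `N/A`, the same token the CAN-2005-2492 conversion uses for `not applicable`. The old wording read as two different findings, and after this change a reader cannot tell which one was recorded. Consider keeping a distinct value for one of them, or stating in 00boilerplate that `N/A` covers both.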

Modified: people/dannf/patchinfo/CAN-2005-2553
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2553	(original)
+++ people/dannf/patchinfo/CAN-2005-2553	Tue Nov  8 07:55:43 2005
@@ -1,29 +1,26 @@
-======================================================
 Candidate: CAN-2005-2553
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050812
-Category: SF
-Reference: CONFIRM:http://lkml.org/lkml/2005/1/5/245
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
-
-The find_target function in ptrace32.c in the Linux kernel 2.4.x
-before 2.4.29 does not properly handle a NULL return value from
-another function, which allows local users to cause a denial of
-service (kernel crash/oops) by running a 32-bit ltrace program with
-the -i option on a 64-bit executable program.
-
-Notes by Horms:
-upstream: 2.4.29
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: in svn: 184_arch-x86_64-ia32-ptrace32-oops.diff
-2.4.27-sarge-security: in svn: 184_arch-x86_64-ia32-ptrace32-oops.diff
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2553
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050812
+ Category: SF
+ CONFIRM:http://lkml.org/lkml/2005/1/5/245
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
+Description:
+ The find_target function in ptrace32.c in the Linux kernel 2.4.x
+ before 2.4.29 does not properly handle a NULL return value from
+ another function, which allows local users to cause a denial of
+ service (kernel crash/oops) by running a 32-bit ltrace program with
+ the -i option on a 64-bit executable program.
+upstream: released (2.4.29)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
+2.4.27-sarge-security: pending [184_arch-x86_64-ia32-ptrace32-oops.diff]
 
 

Modified: people/dannf/patchinfo/CAN-2005-2872
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2872	(original)
+++ people/dannf/patchinfo/CAN-2005-2872	Tue Nov  8 07:55:43 2005
@@ -1,31 +1,29 @@
-======================================================
 Candidate: CAN-2005-2872
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050909
-Category: SF
-Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
-Reference:
-CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
-
-The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
-2.6.12, when running on 64-bit processors such as AMD64, allows remote
-attackers to cause a denial of service (kernel panic) via certain
-attacks such as SSH brute force, which leads to memset calls using a
-length based on the u_int32_t type, acting on an array of unsigned
-long elements, a different vulnerability than CAN-2005-2873.
-
-Notes by Horms:
-upstream: 2.6.12
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: in svn: net-ipv4-netfilter-ip_recent-last_pkts.dpatch
-2.6.8-sarge-security: in svn: net-ipv4-netfilter-ip_recent-last_pkts.dpatch
-2.4.27-sid/sarge: fixed in 2.4.27-11:179_net-ipv4-netfilter-ip_recent-last_pkts.diff
-2.4.27-sarge-security: in svn: 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050909
+ Category: SF
+ Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322237
+ Reference:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/chrisw/lsm-2.6.git;a=commit;h=bcfff0b471a60df350338bcd727fc9b8a6aa54b2
+Description:
+ The ipt_recent kernel module (ipt_recent.c) in Linux kernel before
+ 2.6.12, when running on 64-bit processors such as AMD64, allows remote
+ attackers to cause a denial of service (kernel panic) via certain
+ attacks such as SSH brute force, which leads to memset calls using a
+ length based on the u_int32_t type, acting on an array of unsigned
+ long elements, a different vulnerability than CAN-2005-2873.
+upstream: released (2.6.12)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
+2.6.8-sarge-security: pending [net-ipv4-netfilter-ip_recent-last_pkts.dpatch]
+2.4.27-sid/sarge: released (2.4.27-11) [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
+2.4.27-sarge-security: pending [179_net-ipv4-netfilter-ip_recent-last_pkts.diff]
 
 
 
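Review bot: the References block still carries the old `Reference:` prefix on both entries, and the second one is a bare `Reference:` line with its `CONFIRM:` URL on the following line. CAN-2005-2548 and CAN-2005-2553 were converted to a plain ` CONFIRM:<url>` entry, so these should be two single lines in that form; as written, the empty `Reference:` line reads as an entry with no value.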

Modified: people/dannf/patchinfo/CAN-2005-2873
==============================================================================
--- people/dannf/patchinfo/CAN-2005-2873	(original)
+++ people/dannf/patchinfo/CAN-2005-2873	Tue Nov  8 07:55:43 2005
@@ -1,28 +1,27 @@
-======================================================
 Candidate: CAN-2005-2873
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050909
-Category: SF
-Reference: MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
-
-The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
-earlier does not properly perform certain time tests when the jiffies
-value is greater than LONG_MAX, which can cause ipt_recent netfilter
-rules to block too early, a different vulnerability than
-CAN-2005-2872.
-
-Notes by horms:
-No patch that is acceptable upstream is available
-http://lists.debian.org/debian-kernel/2005/09/msg00257.html
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050909
+ Category: SF
+ MISC:http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
+Description:
+ The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and
+ earlier does not properly perform certain time tests when the jiffies
+ value is greater than LONG_MAX, which can cause ipt_recent netfilter
+ rules to block too early, a different vulnerability than
+ CAN-2005-2872.
+Notes:
+ horms> No patch that is acceptable upstream is available
+ http://lists.debian.org/debian-kernel/2005/09/msg00257.html
 upstream: vulnerable
-2.6.13: vulnerable: #332381
-2.6.12: vulnerable: #332381
-2.6.8-sarge: vulnerable: #332231
-2.6.8-sarge-security: vulnerable: #332231
-2.4.27-sid/sarge: vulnerable: #332228
-2.4.27-sarge-security: vulnerable: #332228
-
+Bugs: 332381, 332231, 332228
+2.6.13: needed
+2.6.12: needed
+2.6.8-sarge: needed
+2.6.8-sarge-security: needed
+2.4.27-sid/sarge: needed
+2.4.27-sarge-security: needed

Modified: people/dannf/patchinfo/CAN-2005-3044
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3044	(original)
+++ people/dannf/patchinfo/CAN-2005-3044	Tue Nov  8 07:55:43 2005
@@ -1,27 +1,28 @@
-======================================================
 Candidate: CAN-2005-3044
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3044
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050922
-Category: SF
-Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
-
-Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
-users to cause a denial of service (kernel OOPS from null dereference)
-via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
-in the 32-bit routing_ioctl function on 64-bit systems.
-
-Notes Horms:
-http://lkml.org/lkml/2005/9/30/218
-upstream: 2.6.13.2
-2.6.13: fixed in 2.6.13-1: linux-2.6.13.2.patch
-2.6.12: fixed in 2.6.12-7: lost-fput-in-32bit-ioctl-on-x86-64.patch
-2.6.8-sarge: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
-2.6.8-sarge-security: in svn: lost-fput-in-32bit-ioctl-on-x86-64.dpatch
-2.4.27-sid/sarge: code is vulnerable but there is no amd64 for 2.4 in Sarge
-2.4.27-sarge-security: vulnerable but there is no amd64 for 2.4 in Sarge
-
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3044
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050922
+ Category: SF
+ Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
+Description:
+ Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
+ users to cause a denial of service (kernel OOPS from null dereference)
+ via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
+ in the 32-bit routing_ioctl function on 64-bit systems.
+Notes:
+ http://lkml.org/lkml/2005/9/30/218
+ horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
+ dannf> Though, I guess its possible that someone would try to build an amd64
+ dannf> kernel out of our tree, so I marked 2.4 "needed" below.  Lowest of the
+ dannf> low priorities though...
+upstream: released (2.6.13.2)
+2.6.13: released (2.6.13-1) [linux-2.6.13.2.patch]
+2.6.12: released (2.6.12-7) [lost-fput-in-32bit-ioctl-on-x86-64.patch]
+2.6.8-sarge: pending [lost-fput-in-32bit-ioctl-on-x86-64.dpatch]
+2.6.8-sarge-security: pending [lost-fput-in-32bit-ioctl-on-x86-64.dpatch]
+2.4.27-sid/sarge: needed
+2.4.27-sarge-security: needed
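Review bot: the Description carries the typo `loal users` over from the old text; since the line is being rewritten anyway, fix it to `local`. The References entry also keeps the ` Reference: CONFIRM:` prefix that other converted files drop. The change of both 2.4.27 lines to `needed` is a status change rather than a reformat, and the dannf note explains it well, so it is worth calling out in the commit message too.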

Modified: people/dannf/patchinfo/CAN-2005-3053
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3053	(original)
+++ people/dannf/patchinfo/CAN-2005-3053	Tue Nov  8 07:55:43 2005
@@ -1,24 +1,23 @@
-======================================================
 Candidate: CAN-2005-3053
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3053
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050926
-Category: SF
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
-
-The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
-allows local users to cause a denial of service (kernel BUG()) via a
-negative first argument.
-
-Notes Horms:
-http://lkml.org/lkml/2005/9/30/218
-upstream: 2.6.12.5
-2.6.12: fixed in 2.6.12-3
-2.6.8-sarge: in svn: mempolicy-check-mode.dpatch
-2.6.8-sarge-security: in svn: mempolicy-check-mode.dpatch
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3053
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g
+Description:
+ The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x
+ allows local users to cause a denial of service (kernel BUG()) via a
+ negative first argument.
+Notes:
+ horms> http://lkml.org/lkml/2005/9/30/218
+upstream: released (2.6.12.5)
+2.6.12: released (2.6.12-3)
+2.6.8-sarge: pending [mempolicy-check-mode.dpatch]
+2.6.8-sarge-security: pending [mempolicy-check-mode.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
 
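Review bot: there is no `2.6.13:` status line in the new block. The old text did not have one either, but every other converted file lists 2.6.13 between `upstream` and 2.6.12, so this file ends up as the odd one out. Add the line with whatever status applies, and drop the leftover `Reference:` prefix in front of `CONFIRM:` while touching the block.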

Modified: people/dannf/patchinfo/CAN-2005-3055
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3055	(original)
+++ people/dannf/patchinfo/CAN-2005-3055	Tue Nov  8 07:55:43 2005
@@ -1,29 +1,28 @@
-======================================================
 Candidate: CAN-2005-3055
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
-Final-Decision:
-Interim-Decision:
-Modified:
-Proposed:
-Assigned: 20050926
-Category: SF
-Reference: MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
-Reference: URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
-
-Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
-of service (kernel OOPS) via a userspace process that issues a USB
-Request Block (URB) to a USB device and terminates before the URB is
-finished, which leads to a stale pointer reference.
-
-Notes Horms:
-http://lkml.org/lkml/mbox/2005/10/11/90
-http://lkml.org/lkml/2005/10/11/90
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
+ Final-Decision:
+ Interim-Decision:
+ Modified:
+ Proposed:
+ Assigned: 20050926
+ Category: SF
+ MLIST:[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
+Description:
+ Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
+ of service (kernel OOPS) via a userspace process that issues a USB
+ Request Block (URB) to a USB device and terminates before the URB is
+ finished, which leads to a stale pointer reference.
+Notes:
+ horms> http://lkml.org/lkml/mbox/2005/10/11/90
+ horms> http://lkml.org/lkml/2005/10/11/90
+ horms> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330287;msg=21
 upstream: pending
-2.6.13: vulnerable: #330287
-2.6.12: vulnerable: #330287
-2.6.8-sarge: vulnerable: #332596
-2.6.8-sarge-security: vulnerable: #332596
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
-
+Bugs: 330287, 33259
+2.6.13: needed
+2.6.12: needed
+2.6.8-sarge: needed
+2.6.8-sarge-security: needed
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
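Review bot: `Bugs: 330287, 33259` drops the last digit of the second bug number; the removed 2.6.8-sarge lines reference #332596. As in CAN-2005-2873, the flat list also loses that #330287 belonged to 2.6.13/2.6.12 and #332596 to 2.6.8-sarge.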

Modified: people/dannf/patchinfo/CAN-2005-3105
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3105	(original)
+++ people/dannf/patchinfo/CAN-2005-3105	Tue Nov  8 07:55:43 2005
@@ -1,32 +1,30 @@
-======================================================
 Candidate: CAN-2005-3105
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3105
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: MISC:http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
-Reference: MISC:http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
-
-The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito
-processors does not properly maintain cache coherency as required by
-the architecture, which allows local users to cause a denial of
-service and possibly corrupt data by modifying PTE protections.
-
-Extra information from Moritz Muehlenhof:
-ia64 Montecito CPU do not maintain cache coherency correctly, which can be
-exploited by a local DoS.
-http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
-
-Notes from Micah and Horms:
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3105
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ Reference: MISC:http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
+ Reference: MISC:http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
+ Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
+Description:
+ The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito
+ processors does not properly maintain cache coherency as required by
+ the architecture, which allows local users to cause a denial of
+ service and possibly corrupt data by modifying PTE protections.
+ .
+ Extra information from Moritz Muehlenhof:
+ ia64 Montecito CPU do not maintain cache coherency correctly, which can be
+ exploited by a local DoS.
+ http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
+Bugs: 332569
 upstream: 2.6.12
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: in svn: mckinley_icache.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: mckinley_icache.dpatch
-2.4.27-sid/sarge: vulnerable: #332569
-2.4.27-sarge-security: vulnerable: #332569
-
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [mckinley_icache.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [mckinley_icache.dpatch]
+2.4.27-sid/sarge: needed
+2.4.27-sarge-security: needed
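Review bot: the unchanged `upstream: 2.6.12` line is left in the old format, while the other converted files write `upstream: released (<version>)`; it also now sits after `Bugs:`, whereas CAN-2005-2873 puts `Bugs:` after `upstream:`. The Description keeps the typo `mrpotect` and the three References entries keep the `Reference:` prefix. All of these lines are being rewritten here, so they can be fixed in the same pass.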

Modified: people/dannf/patchinfo/CAN-2005-3106
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3106	(original)
+++ people/dannf/patchinfo/CAN-2005-3106	Tue Nov  8 07:55:43 2005
@@ -1,31 +1,28 @@
-======================================================
 Candidate: CAN-2005-3106
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3106
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
-
-Race condition in Linux 2.6, when threads are sharing memory mapping
-via CLONE_VM (such as linuxthreads and vfork), might allow local users
-to cause a denial of service (deadlock) by triggering a core dump
-while waiting for a thread that has just performed an exec.
-
-Extra information from Moritz Muehlenhof:
-CAN-2005-3106:
-DoS through race condition in processes that share a memory mapping through
-CLONE_VM
-http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
-
-Notes from Micah and Horms:
-upstream: 2.6.11
-2.6.13: not vulnerable
-2.6.13: not vulnerable
-2.6.8-sarge: in svn: fs-exec-ptrace-core-exec-race.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-exec-ptrace-core-exec-race.dpatch
-2.4.27-sid/sarge: not implemented
-2.4.27-sarge-security: not implemented
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3106
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description:
+ Race condition in Linux 2.6, when threads are sharing memory mapping
+ via CLONE_VM (such as linuxthreads and vfork), might allow local users
+ to cause a denial of service (deadlock) by triggering a core dump
+ while waiting for a thread that has just performed an exec.
+ .
+ Extra information from Moritz Muehlenhof:
+ CAN-2005-3106:
+ DoS through race condition in processes that share a memory mapping through
+ CLONE_VM
+ http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c
+upstream: released (2.6.11)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [fs-exec-ptrace-core-exec-race.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-core-exec-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
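Review bot: the "Extra information from Moritz Muehlenhof" text is folded into Description after a ` .` separator line, while CAN-2005-3108, CAN-2005-3109 and CAN-2005-3110 place the same kind of text under `Notes:`. Pick one location so Description holds only the CVE text; the same applies to CAN-2005-3105 and CAN-2005-3107. The fix of the duplicated `2.6.13` line into `2.6.13` and `2.6.12` is correct.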

Modified: people/dannf/patchinfo/CAN-2005-3107
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3107	(original)
+++ people/dannf/patchinfo/CAN-2005-3107	Tue Nov  8 07:55:43 2005
@@ -1,31 +1,28 @@
-======================================================
 Candidate: CAN-2005-3107
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3107
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
-
-fs/exec.c in Linux 2.6, when one thread is tracing another thread that
-shares the same memory map, might allow local users to cause a denial
-of service (deadlock) by forcing a core dump when the traced thread is
-in the TASK_TRACED state.
-
-Extra information from Moritz Muehlenhof:
-Local DoS through threads tracing each other by forcing a core dump, while the traced
-thread is in TASK_TRACED state.
-http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
-
-Notes from Micah and Horms:
-upstream: 2.6.11
-2.6.13: not vulnerable
-2.6.13: not vulnerable
-2.6.8-sarge: in svn: fs-exec-ptrace-deadlock.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-exec-ptrace-deadlock.dpatch
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3107
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
+Description:
+ fs/exec.c in Linux 2.6, when one thread is tracing another thread that
+ shares the same memory map, might allow local users to cause a denial
+ of service (deadlock) by forcing a core dump when the traced thread is
+ in the TASK_TRACED state.
+ .
+ Extra information from Moritz Muehlenhof:
+ Local DoS through threads tracing each other by forcing a core dump, while the traced
+ thread is in TASK_TRACED state.
+ http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch
+upstream: released (2.6.11)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [fs-exec-ptrace-deadlock.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-exec-ptrace-deadlock.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A

Modified: people/dannf/patchinfo/CAN-2005-3108
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3108	(original)
+++ people/dannf/patchinfo/CAN-2005-3108	Tue Nov  8 07:55:43 2005
@@ -1,30 +1,26 @@
-======================================================
 Candidate: CAN-2005-3108
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3108
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
-
-mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
-cause a denial of service or an information leak via an iremap on a
-certain memory map that causes the iounmap to perform a lookup of a
-page that does not exist.
-
-Extra information from Moritz Muehlenhof:
-DoS and potential information leak in ioremap (seemingly specific to amd64)
-http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 
-
-Notes from Horms:
-Fixed in:
-upstream: 2.6.11.12
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: applied to svn: arch-x86_64-mm-ioremap-page-lookup.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: arch-x86_64-mm-ioremap-page-lookup.dpatch
-2.4.27-sid/sarge: not implemented
-2.4.27-sarge-security: not implemented
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3108
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
+Description:
+ mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to
+ cause a denial of service or an information leak via an iremap on a
+ certain memory map that causes the iounmap to perform a lookup of a
+ page that does not exist.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ DoS and potential information leak in ioremap (seemingly specific to amd64)
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2 
+upstream: released (2.6.11.12)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [arch-x86_64-mm-ioremap-page-lookup.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [arch-x86_64-mm-ioremap-page-lookup.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A

Modified: people/dannf/patchinfo/CAN-2005-3109
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3109	(original)
+++ people/dannf/patchinfo/CAN-2005-3109	Tue Nov  8 07:55:43 2005
@@ -1,29 +1,26 @@
-======================================================
 Candidate: CAN-2005-3109
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3109
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
-
-The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
-cause a denial of service (oops) by using hfsplus to mount a
-filesystem that is not hfsplus.
-
-Extra information from Moritz Muehlenhof:
-Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
-
-
-Notes from Horms:
-Fixed in:
-upstream: 2.6.11.12
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: applied to svn: fs-hfs-oops-and-leak.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: fs-hfs-oops-and-leak.dpatch
-2.4.27-sid/sarge: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
-2.4.27-sarge-security: asking upstream: http://lkml.org/lkml/2005/10/7/3/index.html
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3109
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ CONFIRM:http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f
+Description::
+ The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to
+ cause a denial of service (oops) by using hfsplus to mount a
+ filesystem that is not hfsplus.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ Local DoS through oops by mounting a non-HFS+ filesystem as HFS+.
+ Asking upstream about 2.4: http://lkml.org/lkml/2005/10/7/3/index.html
+upstream: released (2.6.11.12)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [fs-hfs-oops-and-leak.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [fs-hfs-oops-and-leak.dpatch]
+2.4.27-sid/sarge: 
+2.4.27-sarge-security:
 
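Review bot: the field header is written `Description::` with a doubled colon; every other file uses `Description:`. The two 2.4.27 lines are also left with no status value (the first with trailing whitespace) after the "asking upstream" text moved into Notes. If the status is undecided, say so explicitly rather than leaving the value blank, so the entry cannot be mistaken for one that was never filled in.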

Modified: people/dannf/patchinfo/CAN-2005-3110
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3110	(original)
+++ people/dannf/patchinfo/CAN-2005-3110	Tue Nov  8 07:55:43 2005
@@ -1,31 +1,27 @@
-======================================================
 Candidate: CAN-2005-3110
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3110
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 20050930
-Category: SF
-Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
-
-Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
-when running on an SMP system that is operating under a heavy load,
-might allow remote attackers to cause a denial of service (crash) via
-a series of packets that cause a value to be modified after it has
-been read but before it has been locked.
-
-Extra information from Moritz Muehlenhof:
-DoS on SMP, potentially 2.4 and 2.6
-http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
-
-Notes from Horms:
-Fixed in:
-upstream: 2.6.11.11
-2.6.13: not vulnerable
-2.6.12: not vulnerable
-2.6.8-sarge: added to svn: net-bridge-netfilter-etables-smp-race.dpatch
-2.6.8-sarge-security: fixed in 2.6.8-16sarge1: net-bridge-netfilter-etables-smp-race.dpatch
-2.4.27-sid/sarge: not applicable
-2.4.27-sarge-security: not applicable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3110
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ Reference: CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+Description:
+ Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6,
+ when running on an SMP system that is operating under a heavy load,
+ might allow remote attackers to cause a denial of service (crash) via
+ a series of packets that cause a value to be modified after it has
+ been read but before it has been locked.
+Notes:
+ Extra information from Moritz Muehlenhof:
+ DoS on SMP, potentially 2.4 and 2.6
+ http://sourceforge.net/mailarchive/forum.php?thread_id=6800453&forum_id=8572
+upstream: released (2.6.11.11)
+2.6.13: N/A
+2.6.12: N/A
+2.6.8-sarge: pending [net-bridge-netfilter-etables-smp-race.dpatch]
+2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-netfilter-etables-smp-race.dpatch]
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A

Modified: people/dannf/patchinfo/CAN-2005-3119
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3119	(original)
+++ people/dannf/patchinfo/CAN-2005-3119	Tue Nov  8 07:55:43 2005
@@ -1,26 +1,23 @@
-======================================================
 Candidate: CAN-2005-3119
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3119
-Final-Decision: 
-Interim-Decision: 
-Modified: 
-Proposed: 
-Assigned: 
-Category: 
-Reference: 
-
-** RESERVED ** 
-
-Notes from Horms:
-Plug request_key_auth memleak. This can be triggered by unprivileged
-users, so is local DoS.
-http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
-Fixed in:
-upstream: 2.6.13.4
-2.6.13: vulnerable
-2.6.12: pending examination
-2.6.8-sarge: pending examination
-2.6.8-sarge-security: pending examination
-2.4.27-sid/sarge: pending examination
-2.4.27-sarge-security: pending examination
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3119
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 
+ Category: 
+ Reference: 
+Description:
+ ** RESERVED ** 
+Notes:
+ Plug request_key_auth memleak. This can be triggered by unprivileged
+ users, so is local DoS.
+ http://www.ussg.iu.edu/hypermail/linux/kernel/0510.0/1860.html
+upstream: released (2.6.13.4)
+2.6.13: needed
+2.6.12:
+2.6.8-sarge:
+2.6.8-sarge-security:
+2.4.27-sid/sarge:
+2.4.27-sarge-security:
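Review bot: The five branch lines from "2.6.12:" down are now empty where the old file said "pending examination", so a reader can no longer tell "not yet examined" from "forgotten". Consider an explicit token for the unexamined state. The empty Final-Decision/Interim-Decision/Modified/Proposed/Assigned/Category/Reference fields moved under References: are not references and could be dropped, and Description: still reads "** RESERVED **" although the Notes contain a usable summary.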

Modified: people/dannf/patchinfo/CAN-2005-3179
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3179	(original)
+++ people/dannf/patchinfo/CAN-2005-3179	Tue Nov  8 07:55:43 2005
@@ -1,24 +1,22 @@
-> > From: Dave Jones <davej at redhat.com>
-> > 
-> > Please consider for next 2.6.13, it is a minor security issue allowing
-> > users to turn on drm debugging when they shouldn't...
-
-======================================================
 Candidate: CAN-2005-3179
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
-Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
-Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
-
-drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
-with world-readable and world-writable permissions, which allows local
-users to enable DRM debugging and obtain sensitive information.
-
-Notes from Horms
-upstream: 2.6.13.4
-2.6.13: applied
-2.6.12: added to svn; drm-module_param-permissions-fix.patch
-2.6.8-sarge: not vulnerable
-2.6.8-sarge-security: not vulnerable
-2.4.27-sid/sarge: not vulnerable
-2.4.27-sarge-security: not vulnerable
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179
+ Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd
+ Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893
+Description:
+ drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs
+ with world-readable and world-writable permissions, which allows local
+ users to enable DRM debugging and obtain sensitive information.
+Notes:
+ (from Horms)
+ > > From: Dave Jones <davej at redhat.com>
+ > > 
+ > > Please consider for next 2.6.13, it is a minor security issue allowing
+ > > users to turn on drm debugging when they shouldn't...
+upstream: released (2.6.13.4)
+2.6.13: pending
+2.6.12: pending [drm-module_param-permissions-fix.patch]
+2.6.8-sarge: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sid/sarge: N/A
+2.4.27-sarge-security: N/A
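Review bot: The two " Reference: CONFIRM:..." lines under References: keep the old "Reference:" prefix, while the CAN-2005-3180 hunk in this same commit drops it and writes bare " CONFIRM:..." lines; pick one form so the files can be parsed uniformly. Also, "(from Horms)" used to head the status lines and now sits directly above the quoted mail from Dave Jones, which misattributes the quote. "2.6.13: applied" became "pending" here; please confirm that is a pure rename and not a status change.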

Modified: people/dannf/patchinfo/CAN-2005-3180
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3180	(original)
+++ people/dannf/patchinfo/CAN-2005-3180	Tue Nov  8 07:55:43 2005
@@ -1,26 +1,23 @@
-> > From: Pavel Roskin <proski at gnu.org>
-> > 
-> > The orinoco driver can send uninitialized data exposing random pieces of
-> > the system memory.  This happens because data is not padded with zeroes
-> > when its length needs to be increased.
-
-======================================================
 Candidate: CAN-2005-3180
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
-Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
-
-The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
-not properly clear memory from a previously used packet whose length
-is increased, which allows remote attackers to obtain sensitive
-information.
-
-Notes from Horms
-upstream: 2.6.13.4
-2.6.13: applied
-2.6.12: added to svn; orinoco-info-leak.patch
-2.6.8-sarge: added to svn; backported; orinoco-info-leak.dpatch
-2.6.8-sarge-security: added to svn; backported; orinoco-info-leak.dpatch
-2.4.27-sid/sarge: added to svn; backported; 192_orinoco-info-leak.diff
-2.4.27-sarge-security: added to svn; backported; 192_orinoco-info-leak.diff
-
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180
+ CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b
+Description:
+ The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does
+ not properly clear memory from a previously used packet whose length
+ is increased, which allows remote attackers to obtain sensitive
+ information.
+Notes:
+ > > From: Pavel Roskin <proski at gnu.org>
+ > > 
+ > > The orinoco driver can send uninitialized data exposing random pieces of
+ > > the system memory.  This happens because data is not padded with zeroes
+ > > when its length needs to be increased.
+upstream: released (2.6.13.4)
+2.6.13: pending
+2.6.12: pending [orinoco-info-leak.patch]
+2.6.8-sarge: pending [orinoco-info-leak.dpatch]
+2.6.8-sarge-security: pending [orinoco-info-leak.dpatch]
+2.4.27-sid/sarge: pending [192_orinoco-info-leak.diff]
+2.4.27-sarge-security: pending [192_orinoco-info-leak.diff]
 
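Review bot: The four sarge and 2.4.27 lines lose the "backported" marker: the old entries read "added to svn; backported; orinoco-info-leak.dpatch" and the new ones only "pending [orinoco-info-leak.dpatch]". Whether a patch was backported rather than taken verbatim from upstream is worth keeping for later audits, either on the status line or in Notes.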

Modified: people/dannf/patchinfo/CAN-2005-3181
==============================================================================
--- people/dannf/patchinfo/CAN-2005-3181	(original)
+++ people/dannf/patchinfo/CAN-2005-3181	Tue Nov  8 07:55:43 2005
@@ -1,19 +1,20 @@
-======================================================
 Candidate: CAN-2005-3181
-URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
-Reference: 
-CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
+ Reference: 
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
 Description: 
  Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
  incorrect function to free names_cache memory, which prevents the memory
  from being tracked by AUDITSYSCALL code and leads to a memory leak that
  allows attackers to cause a denial of service (memory consumption).
-
-Bug:
-fixed-upstream: 2.6.13.4
+Notes:
+ 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
+Bugs:
+upstream: released (2.6.13.4)
 2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
 2.6.8-sarge-security: pending (2.6.8-16sarge2)
 2.6.8-sarge: pending (2.6.8-17)
-2.4.27-sarge-security: not vulnerable: AUDITSYSCALL doesn't exist in 2.4
-2.4.27-sarge/sid: not vulnerable: AUDITSYSCALL doesn't exist in 2.4
+2.4.27-sarge-security: N/A
+2.4.27-sarge/sid: N/A
 
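Review bot: The empty " Reference: " line is carried into the References: block and should simply be removed. Field order is also inconsistent across this commit: this file has Notes: before Bugs:, while net-ipv6-udp_v6_get_port-loop.patch and plug-names_cache-memleak.dpatch put Bugs: first. The branch label "2.4.27-sarge/sid" differs from the "2.4.27-sid/sarge" used in the CAN-2005-3119, -3179 and -3180 files, and there is no 2.6.12 line at all.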

Modified: people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply
==============================================================================
--- people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply	(original)
+++ people/dannf/patchinfo/fix-dst-leak-in-icmp_push_reply	Tue Nov  8 07:55:43 2005
@@ -1,14 +1,12 @@
-======================================================
 Candidate: ##NEEDED##
-URL: ##NEEDED##
-Reference: CONFIRM:http://lkml.org/lkml/2005/8/26/173
-
-Description: ##NEEDED##
-
-upstream: 2.6.12.6
-2.6.13: ##NEEDED##
-2.6.12: ##NEEDED##
-2.6.8-sarge: ##NEEDED##
-2.6.8-sarge-security: added to svn; backported; fix-dst-leak-in-icmp_push_reply.dpatch
-2.4.27-sid/sarge: ##NEEDED##
-2.4.27-sarge-security: ##NEEDED##
+References:
+ URL:
+ CONFIRM:http://lkml.org/lkml/2005/8/26/173
+Description:
+upstream: released (2.6.12.6)
+2.6.13:
+2.6.12:
+2.6.8-sarge:
+2.6.8-sarge-security: pending [fix-dst-leak-in-icmp_push_reply.dpatch]
+2.4.27-sid/sarge:
+2.4.27-sarge-security:
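Review bot: The "##NEEDED##" markers are removed from URL, Description and the branch lines, but the unchanged "Candidate: ##NEEDED##" line keeps one, so the file now mixes two ways of saying "to do". An empty Description: with no marker is easy to overlook; either keep the marker everywhere until the data is filled in, or drop it from Candidate: as well and document that an empty field means unknown.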

Modified: people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch
==============================================================================
--- people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch	(original)
+++ people/dannf/patchinfo/fs-exec-posix-timers-leak-1.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,19 +1,18 @@
-======================================================
 Candidate: CVE-2005-3271
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
-Reference: MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
-Reference: URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
-Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3271
+ MLIST:[linux-kernel] 20040911 [PATCH] exec: fix posix-timers leak and pending signal loss
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
 Description:
  Exec in Linux kernel 2.6 does not properly clear posix-timers in
  multi-threaded environments, which results in a resource leak and
  could allow a large number of multiple local users to cause a denial
  of service by using more posix-timers than specified by the quota for
  a single user.        
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.9]
-2.6.13: (N/A)
-2.6.12: (N/A)
+Bugs:
+upstream: released (2.6.9)
+2.6.13: N/A
+2.6.12: N/A
 2.6.8-sarge-security: released (2.6.8-16sarge1)
-2.4.27-sarge-security: (N/A)
+2.4.27-sarge-security: N/A
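Review bot: Under References: the key "URL:" is now used twice with different meanings: " URL: http://cve.mitre.org/..." is the CVE entry, and " URL:http://www.ussg.iu.edu/..." is the link belonging to the preceding MLIST line. With the "Reference:" prefix gone, only the space after the colon tells them apart. Suggest a distinct key for the CVE link or keeping the MLIST entry and its URL on one line.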

Modified: people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch
==============================================================================
--- people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch	(original)
+++ people/dannf/patchinfo/fs_ext2_ext3_xattr-sharing.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,20 +1,19 @@
-======================================================
 Candidate: CVE-2005-2801
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
-Reference: MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
-Reference: URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
-Reference: MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
-Reference: URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
-Reference: SUSE:SUSE-SA:2005:018
-Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801
+ MLIST:[Acl-Devel] 20050205 [FIX] Long-standing xattr sharing bug
+ URL:http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
+ MLIST:[debian-kernel] 20050809 Re: ACL patches in Debian 2.4 series kernel.
+ URL:http://lists.debian.org/debian-kernel/2005/08/msg00238.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
 Description:
  xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6
  does not properly compare the name_index fields when sharing xattr
  blocks, which could prevent default ACLs from being applied.
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.11]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][pre-requisite.dpatch(, pre-requisite.dpatch)*]
+Bugs:
+upstream: released (2.6.11)
+2.6.13:
+2.6.12:
 2.6.8-sarge-security: released (2.6.8-16-sarge1)
-2.4.27-sarge-security: (2.4.27-10sarge1)
+2.4.27-sarge-security: released (2.4.27-10sarge1)
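Review bot: The last line changes "(2.4.27-10sarge1)", which had no state, to "released (2.4.27-10sarge1)", but the net-ipv4-ipvs-conn_tab-race and netfilter-NAT-memory-corruption files in this same commit list the same version as "pending (2.4.27-10sarge1)". One of the two is wrong; please check which state 2.4.27-10sarge1 is really in. The unchanged line above it also spells the version "2.6.8-16-sarge1" with an extra hyphen, where the other files use "2.6.8-16sarge1".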

Modified: people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch
==============================================================================
--- people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch	(original)
+++ people/dannf/patchinfo/net-bridge-forwarding-poison-2.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,16 +1,14 @@
-======================================================
 Candidate: CVE-2005-3272
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
-Reference:
-CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
 Description:
  Linux kernel before 2.6.12 allows remote attackers to poison the
  bridge forwarding table using frames that have already been dropped by
  filtering, which can cause the bridge to forward spoofed packets.  
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.12]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[pre-requisite.dpatch(, pre-requisite.dpatch)*]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[pre-requisite.dpatch(, pre-requisite.dpatch)*]
+Bugs:
+upstream: released (2.6.12)
+2.6.13:
+2.6.12:
 2.6.8-sarge-security: released (2.6.8-16sarge1) [net-bridge-forwarding-poison-1.dpatch, net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch]
-2.4.27-sarge-security: (N/A)
+2.4.27-sarge-security: N/A
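Review bot: "2.6.13:" and "2.6.12:" are left empty although the entry says "upstream: released (2.6.12)" and the Description says "before 2.6.12". The net-rose-ndigis-verify.dpatch file, also fixed upstream in 2.6.12, marks both branches N/A in this commit; the same should apply here unless there is a reason to re-examine them.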

Modified: people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch
==============================================================================
--- people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch	(original)
+++ people/dannf/patchinfo/net-ipv4-ipvs-conn_tab-race.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,20 +1,18 @@
-======================================================
 Candidate: CVE-2005-3274
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
-Reference:
-CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
-Reference: CONFIRM:http://lkml.org/lkml/2005/6/23/249
-Reference: CONFIRM:http://lkml.org/lkml/2005/6/24/173  
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d
+ CONFIRM:http://lkml.org/lkml/2005/6/23/249
+ CONFIRM:http://lkml.org/lkml/2005/6/24/173  
 Description: 
  Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4
  before 2.4.32-pre2, when running on SMP systems, allows local users to
  cause a denial of service (null dereference) by causing a connection
  timer to expire while the connection table is being flushed before the
  appropriate lock is acquired.
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.13(, 2.4.32-pre2)]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+Bugs:
+upstream: released (2.6.13, 2.4.32-pre2)
+2.6.13: N/A
+2.6.12:
 2.6.8-sarge-security: released (2.6.8-sarge1)
 2.4.27-sarge-security: pending (2.4.27-10sarge1)
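Review bot: The unchanged line "2.6.8-sarge-security: released (2.6.8-sarge1)" carries a version that does not match the "2.6.8-16sarge1" form used in the other files and looks like it is missing the "16". Since this commit normalizes the status lines, it would be a good place to correct it. The trailing whitespace on the last CONFIRM line was copied over as well.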

Modified: people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch
==============================================================================
--- people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch	(original)
+++ people/dannf/patchinfo/net-ipv6-udp_v6_get_port-loop.patch	Tue Nov  8 07:55:43 2005
@@ -1,13 +1,13 @@
-======================================================
 Candidate: CVE-2005-2973
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
-Reference:
-CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
 Description:
  Fix infinite loop in udp_v6_get_port().
-
-Bug:
-fixed-upstream: pending (2.6.14-rc4); submitted for inclsuion in 2.4.32-rc2
+Bugs:
+Notes:
+ submitted for inclusion in 2.4.32-rc2
+upstream: released (2.6.14-rc4)
 2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
 2.6.8-sarge-security: pending (2.6.8-16sarge2)
 2.6.8-sarge: pending (2.6.8-17)
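Review bot: The upstream line changes state, not just format: "fixed-upstream: pending (2.6.14-rc4)" becomes "upstream: released (2.6.14-rc4)". If that is intentional, say so in the commit message; a reformatting commit should not silently flip pending to released. The Description is still the patch subject ("Fix infinite loop in udp_v6_get_port().") rather than a statement of the impact.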

Modified: people/dannf/patchinfo/net-rose-ndigis-verify.dpatch
==============================================================================
--- people/dannf/patchinfo/net-rose-ndigis-verify.dpatch	(original)
+++ people/dannf/patchinfo/net-rose-ndigis-verify.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,18 +1,16 @@
-======================================================
 Candidate: CVE-2005-3273
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
-Reference:
-CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
-Reference: CONFIRM:http://lkml.org/lkml/2005/5/23/169
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3273
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+ CONFIRM:http://lkml.org/lkml/2005/5/23/169
 Description:
  The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6
  kernels prior to 2.6.12 does not properly verify the ndigis argument
  for a new route, which allows attackers to trigger array out-of-bounds
  errors with a large number of digipeats.                      
- 
-Bug: [id, id, ...]
-fixed-upstream: [2.6.12]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+Bugs:
+upstream: released (2.6.12)
+2.6.13: N/A
+2.6.12: N/A
 2.6.8-sarge-security: pending (2.6.8-16sarge2)
-2.4.27-sarge-security: (N/A)
+2.4.27-sarge-security: N/A

Modified: people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch
==============================================================================
--- people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch	(original)
+++ people/dannf/patchinfo/netfilter-NAT-memory-corruption.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,8 +1,7 @@
-======================================================
 Candidate: CVE-2005-3275
-URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
-Reference:
-CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
 Description:
  The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in
  Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly
@@ -10,10 +9,9 @@
  cause a denial of service (memory corruption) by causing two packets
  for the same protocol to be NATed at the same time, which leads to
  memory corruption.    
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.12.3]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+Bugs:
+upstream: released (2.6.12.3)
+2.6.13:
+2.6.12:
 2.6.8-sarge-security: released (2.6.8-16sarge1)
 2.4.27-sarge-security: pending (2.4.27-10sarge1)
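Review bot: "upstream: released (2.6.12.3)" does not agree with the Description in the same file, which says "2.6 before 2.6.13 and 2.4 before 2.4.32-rc1", and the 2.4 fix version is not recorded on the upstream line at all (the ipvs file writes "released (2.6.13, 2.4.32-pre2)"). With a fix in either 2.6.12.3 or 2.6.13, the empty "2.6.13:" line could be N/A; please reconcile the versions before leaving it blank.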

Modified: people/dannf/patchinfo/plug-names_cache-memleak.dpatch
==============================================================================
--- people/dannf/patchinfo/plug-names_cache-memleak.dpatch	(original)
+++ people/dannf/patchinfo/plug-names_cache-memleak.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,21 +1,19 @@
-A boilerplate for tracking the status of patches across Debian Kernel trees.
-dannf> should anything go above this line?
-dannf> should we use debian-style rfc822 for this for machine readability?
-======================================================
 Candidate: CVE-2005-3257
-URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
-Reference: MISC:##URL## 
-CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2005-3257
+ CONFIRM: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/8533
 Description: 
  The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local
  users to use the KDSKBSENT ioctl on terminals of other users and gain
  privileges, as demonstrated by modifying key bindings using loadkeys. 
+Bugs: 334113
+Notes:
+ Not upstream yet, but in -mm tree
+upstream: pending
+2.6.13:
+2.6.12:
+2.6.8-sarge-security:
+2.6.8-sarge:
+2.4.27-sarge-security:
+2.4.27-sarge/sid:
 
-Bug: #334113
-fixed-upstream: Not upstream yet, but in -mm tree
-2.6.13: pending upstream
-2.6.12: pending upstream
-2.6.8-sarge-security: pending upstream
-2.6.8-sarge: pending upstream
-2.4.27-sarge-security: pending upstream
-2.4.27-sarge/sid: pending upstream
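Review bot: The content of this file does not match its name: plug-names_cache-memleak.dpatch describes CVE-2005-3257, the KDSKBSENT/loadkeys issue in vt_ioctl.c, while setkeys-needs-root.patch in this commit holds the names_cache memory leak. The two files look swapped, and the reformat preserves the mix-up. Also, the per-branch "pending upstream" states are replaced by empty fields, which loses the information that these branches wait on the upstream fix.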

Modified: people/dannf/patchinfo/setkeys-needs-root.patch
==============================================================================
--- people/dannf/patchinfo/setkeys-needs-root.patch	(original)
+++ people/dannf/patchinfo/setkeys-needs-root.patch	Tue Nov  8 07:55:43 2005
@@ -1,19 +1,19 @@
-======================================================
 Candidate: CAN-2005-3181
-URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
-Reference: 
-CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
+References:
+ URL: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2005-3181
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=829841146878e082613a49581ae252c071057c23
 Description: 
  Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an
  incorrect function to free names_cache memory, which prevents the memory
  from being tracked by AUDITSYSCALL code and leads to a memory leak that
  allows attackers to cause a denial of service (memory consumption).
-
-Bug:
-fixed-upstream: 2.6.13.4
+Notes:
+ 2.4 isn't vulnerable because AUDITSYSCALL doesn't exist in 2.4
+Bugs:
+upstream: released (2.6.13.4)
 2.6.13: released (2.6.13+2.6.14-rc4-0experimental.1)
 2.6.8-sarge-security: pending (2.6.8-16sarge2)
 2.6.8-sarge: pending (2.6.8-17)
-2.4.27-sarge-security: not vulnerable: AUDITSYSCALL doesn't exist in 2.4
-2.4.27-sarge/sid: not vulnerable: AUDITSYSCALL doesn't exist in 2.4
+2.4.27-sarge-security: N/A
+2.4.27-sarge/sid: N/A
 
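Review bot: This file is named setkeys-needs-root.patch but its Candidate, References and Description are those of CAN-2005-3181 (the names_cache leak under CONFIG_AUDITSYSCALL), a duplicate of the CAN-2005-3181 file changed earlier in this commit. The loadkeys/KDSKBSENT entry that the name suggests sits in plug-names_cache-memleak.dpatch instead. Please swap the contents rather than reformatting them in place.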

Modified: people/dannf/patchinfo/sys_get_thread_area-leak.dpatch
==============================================================================
--- people/dannf/patchinfo/sys_get_thread_area-leak.dpatch	(original)
+++ people/dannf/patchinfo/sys_get_thread_area-leak.dpatch	Tue Nov  8 07:55:43 2005
@@ -1,16 +1,15 @@
-======================================================
 Candidate: CVE-2005-3276
-CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
-CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
-REFERENCE: http://lkml.org/lkml/2005/8/3/36
+References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@1.3700.4.106?nav=index.html|src/|src/arch|src/arch/i386|src/arch/i386/kernel|related/arch/i386/kernel/process.c
+ CONFIRM: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1
+ URL:http://lkml.org/lkml/2005/8/3/36
 Description:
  The sys_get_thread_area function in Linux 2.6 kernels prior to 2.6.12.4 and
  2.6.13 does not entirely clear a user_desc structure before copying it
  to userspace, resulting in a small information leak.
-
-Bug: [id, id, ...]
-fixed-upstream: [2.6.12.4]
-2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
-2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+Bugs:
+upstream: released (2.6.12.4)
+2.6.13:
+2.6.12:
 2.6.8-sarge-security: pending (2.6.8-16sarge2)
-2.4.27-sarge-security: (N/A)
+2.4.27-sarge-security: N/A
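Review bot: The two CONFIRM lines under References: differ in spacing (" CONFIRM:http://linux.bkbits.net..." with no space, " CONFIRM: http://www.kernel.org..." with one), which defeats the purpose of a machine-readable layout. Unlike the other files, this one also has no " URL:" line pointing at the CVE entry for CVE-2005-3276, and "2.6.13:" is left empty although the Description says the issue is fixed in 2.6.13.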


