[kernel] r4860 - patch-tracking

Dann Frazier dannf at costa.debian.org
Mon Nov 21 23:39:26 UTC 2005


Author: dannf
Date: Mon Nov 21 23:39:25 2005
New Revision: 4860

Added:
   patch-tracking/CAN-2003-0465
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0136
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0415
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0427
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0447
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0491
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0495
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0497
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0535
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0554
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0565
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0587
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0596
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0685
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0790
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0812
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0813
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0814
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0816
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0883
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-0949
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1016
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1017
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1056
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1057
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1058
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1070
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1071
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1072
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1073
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1074
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1137
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1144
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1151
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1234
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1235
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1333
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1335
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2004-1337
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0001
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0003
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0135
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0136
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0137
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0177
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0178
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0204
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0207
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0209
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0210
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0384
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0400
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0529
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0530
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0531
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0532
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0749
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0750
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0815
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-0839
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-1263
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/CAN-2005-1264
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/moxa-serial-bounds-checking
      - copied, changed from r4853, patch-tracking/00boilerplate
   patch-tracking/sdla_xfer-bounds-checking
      - copied, changed from r4853, patch-tracking/00boilerplate
Log:
here's a bunch of old issues - most of which are already fixed in sarge, but
not in woody.


Copied: patch-tracking/CAN-2003-0465 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2003-0465	Mon Nov 21 23:39:25 2005
@@ -1,8 +1,20 @@
-Candidate: 
+Candidate: CAN-2003-0465
 References: 
-Description: 
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+ CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
+ REDHAT:RHSA-2004:188
+ URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
+Description:
+ The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
+ the buffer on architectures other than x86, as opposed to the expected
+ behavior of strncpy as implemented in libc, which could lead to
+ information leaks.
 Notes: 
-Bugs: 
+ 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed.
+ .
+ horms> N.B. This bug appears to be minor at best
+ horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
+Bugs:
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
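
Review bot: The Candidate field in this hunk is written CAN-2003-0465, while the other entries added in this commit use the CVE- prefix (for example "Candidate: CVE-2004-0136" in the next file); pick one form so lookups by field value behave the same across files. The Notes line says 2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips and alpha unfixed, yet no status line is changed here, so the partial fix exists only as free text. Record it on the 2.4.27 status line, with the architectures still pending.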

Copied: patch-tracking/CAN-2004-0136 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0136	Mon Nov 21 23:39:25 2005
@@ -1,7 +1,19 @@
-Candidate: 
+Candidate: CVE-2004-0136
 References: 
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ SGI:20040601-01-P
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc
+ XF:irix-mapelf32exec-dos(16416)
+ URL:http://xforce.iss.net/xforce/xfdb/16416
+ BID:10547
+ URL:http://www.securityfocus.com/bid/10547
 Description: 
+ The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local
+ users to cause a denial of service (system crash) via a "corrupted binary."
 Notes: 
+ Strange description, but I think this is actually a Linux issue; note the
+ RedHat URLs above.
 Bugs: 
 upstream: 
 2.6.14: 
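
Review bot: The Description added here is the IRIX mapelf32exec text, and the Notes line only says "I think this is actually a Linux issue", so the entry does not yet say which Linux kernels are affected. Confirm against RHSA-2004:549, which is already in References, and replace the guess with the affected versions. The status lines visible in this hunk (upstream:, 2.6.14:) are left empty.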

Copied: patch-tracking/CAN-2004-0415 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0415	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,28 @@
-Candidate: 
+Candidate: CVE-2004-0415
 References: 
+ CONECTIVA:CLA-2004:879
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2004:087
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ XF:linux-pointer-info-disclosure(16877)
+ URL:http://xforce.iss.net/xforce/xfdb/16877
 Description: 
+ Linux kernel does not properly convert 64-bit file offset pointers to 32 bits,
+ which allows local users to access portions of kernel memory.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.4.27)
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: N/A
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
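
Review bot: The status lines set upstream to released (2.4.27) and 2.4.27-sarge-security to N/A, but 2.6.14, 2.6.8-sarge-security, 2.6.8 and the woody lines are left empty, and the Description gives no version range. Say in Notes whether 2.6 is affected, and fill the woody lines, since the commit log describes these issues as mostly fixed in sarge but not in woody.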

Copied: patch-tracking/CAN-2004-0427 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0427	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,67 @@
-Candidate: 
+Candidate: CVE-2004-0427
 References: 
+ MLIST:[linux-kernel] 20040408 [PATCH]: 2.4/2.6 do_fork() error path memory leak
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ ENGARDE:ESA-20040428-004
+ FEDORA:FEDORA-2004-111
+ URL:http://fedoranews.org/updates/FEDORA-2004-111.shtml
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:037
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:037
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ REDHAT:RHSA-2004:327
+ URL:http://www.redhat.com/support/errata/RHSA-2004-327.html
+ SGI:20040504-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
+ SGI:20040505-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ TURBO:TLSA-2004-14
+ URL:http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
+ MISC:http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
+ CIAC:O-164
+ URL:http://www.ciac.org/ciac/bulletins/o-164.shtml
+ BID:10221
+ URL:http://www.securityfocus.com/bid/10221
+ SECUNIA:11429
+ URL:http://secunia.com/advisories/11429
+ SECUNIA:11464
+ URL:http://secunia.com/advisories/11464
+ SECUNIA:11486
+ URL:http://secunia.com/advisories/11486
+ SECUNIA:11541
+ URL:http://secunia.com/advisories/11541
+ SECUNIA:11861
+ URL:http://secunia.com/advisories/11861
+ SECUNIA:11891
+ URL:http://secunia.com/advisories/11891
+ SECUNIA:11892
+ URL:http://secunia.com/advisories/11892
+ OVAL:OVAL2819
+ URL:http://oval.mitre.org/oval/definitions/data/oval2819.html
+ XF:linux-dofork-memory-leak(16002)
+ URL:http://xforce.iss.net/xforce/xfdb/16002 
 Description: 
+ The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6,
+ does not properly decrement the mm_count counter when an error occurs after
+ the mm_struct for a child process has been activated, which triggers a memory
+ leak that allows local users to cause a denial of service (memory exhaustion)
+ via the clone (CLONE_VM) system call.
 Notes: 
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+upstream: released (2.4.26, 2.6.6)
+2.6.14: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
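
Review bot: The woody status lines (2.4.19, 2.4.18, 2.4.17) stay empty although the Description puts every 2.4.x before 2.4.26 in the affected range, so a reader cannot tell an open issue from an unreviewed one. Mark them as needing the fix, or add a Notes line explaining why they are not affected. Minor: the last References line, "URL:http://xforce.iss.net/xforce/xfdb/16002 ", carries trailing whitespace.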

Copied: patch-tracking/CAN-2004-0447 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0447	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,24 @@
-Candidate: 
+Candidate: CVE-2004-0447
 References: 
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ GENTOO:GLSA-200407-16
+ URL:http://security.gentoo.org/glsa/glsa-200407-16.xml
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ CIAC:O-193
+ URL:http://www.ciac.org/ciac/bulletins/o-193.shtml
+ BID:10783
+ URL:http://www.securityfocus.com/bid/10783
+ XF:linux-ia64-dos(16661)
+ URL:http://xforce.iss.net/xforce/xfdb/16661
 Description: 
+ Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to
+ cause a denial of service, with unknown impact. NOTE: due to a typo, this
+ issue was accidentally assigned CVE-2004-0477. This is the proper candidate to
+ use for the Linux local DoS.
 Notes: 
 Bugs: 
 upstream: 
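
Review bot: The upstream: line is left empty even though the Description says the issue affects Linux before 2.4.26 on IA64, which implies a fixed upstream release. Record that on upstream:, and repeat the CVE-2004-0477 mix-up from the Description in Notes so that a search for the mistyped id lands on this file.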

Copied: patch-tracking/CAN-2004-0491 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0491	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,15 @@
-Candidate: 
+Candidate: CVE-2004-0491
 References: 
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411
+ MLIST:[linux-kernel] 20040402 Re: disable-cap-mlock
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108087017610947&w=2
+ OVAL:OVAL1117
+ URL:http://oval.mitre.org/oval/definitions/data/oval1117.html
 Description: 
+ The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly
+ maintain the mlock page count when one process unlocks pages that belong to
+ another process, which allows local users to mlock more memory than specified
+ by the rlimit.
 Notes: 
 Bugs: 
 upstream: 
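
Review bot: The Description ties this issue to linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3, but Notes is empty and upstream: is unset, so the entry does not say whether any Debian kernel carries that patch. Add a Notes line with the result of that check and, if the patch is not present, mark the trees N/A.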

Copied: patch-tracking/CAN-2004-0495 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0495	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,31 @@
-Candidate: 
+Candidate: CVE-2004-0495
 References: 
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ CONECTIVA:CLA-2004:846
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ OVAL:OVAL2961
+ URL:http://oval.mitre.org/oval/definitions/data/oval2961.html
+ XF:linux-drivers-gain-privileges(16449)
+ URL:http://xforce.iss.net/xforce/xfdb/16449
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
 Description: 
+ Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users
+ to gain privileges or access kernel memory, as found by the Sparse source code
+ checking tool.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-0497 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0497	Mon Nov 21 23:39:25 2005
@@ -1,7 +1,22 @@
-Candidate: 
+Candidate: CVE-2004-0497
 References: 
+ CONECTIVA:CLA-2004:852
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:354
+ URL:http://www.redhat.com/support/errata/RHSA-2004-354.html
+ REDHAT:RHSA-2004:360
+ URL:http://www.redhat.com/support/errata/RHSA-2004-360.html
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-fchown-groupid-modify(16599)
+ URL:http://xforce.iss.net/xforce/xfdb/16599
 Description: 
+ Unknown vulnerability in Linux kernel 2.x may allow local users to modify the
+ group ID of files, such as NFS exported files in kernel 2.4.
 Notes: 
+ Changelog shows fixed in 2.4.26-3
 Bugs: 
 upstream: 
 2.6.14: 
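
Review bot: The Notes line "Changelog shows fixed in 2.4.26-3" is not reflected in any status line in this hunk and does not name the package whose changelog it refers to. Name the source package and record the fixed version on the matching status line, so the tracker state does not depend on free text.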

Copied: patch-tracking/CAN-2004-0535 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0535	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,38 @@
-Candidate: 
+Candidate: CVE-2004-0535
 References: 
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SUSE-SA:2004:020
+ URL:http://www.novell.com/linux/security/advisories/2004_20_kernel.html
+ XF:linux-e1000-bo(16159)
+ URL:http://xforce.iss.net/xforce/xfdb/16159
+ BID:10352
+ URL:http://www.securityfocus.com/bid/10352
 Description: 
+ The e1000 driver for Linux kernel 2.4.26 and earlier does not properly
+ initialize memory before using it, which allows local users to read portions
+ of kernel memory. NOTE: this issue was originally incorrectly reported as a
+ "buffer overflow" by some sources.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.4.27)
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: N/A
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Copied: patch-tracking/CAN-2004-0554 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0554	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,42 @@
-Candidate: 
+Candidate: CVE-2004-0554
 References: 
+ MISC:http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905
+ MISC:http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
+ MLIST:[linux-kernel] 20040609 timer + fpu stuff locks my console race
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2
+ CONECTIVA:CLA-2004:845
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
+ ENGARDE:ESA-20040621-005
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108793699910896&w=2
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ GENTOO:GLSA-200407-02
+ URL:http://security.gentoo.org/glsa/glsa-200407-02.xml
+ MANDRAKE:MDKSA-2004:062
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062
+ REDHAT:RHSA-2004:255
+ URL:http://www.redhat.com/support/errata/RHSA-2004-255.html
+ REDHAT:RHSA-2004:260
+ URL:http://www.redhat.com/support/errata/RHSA-2004-260.html
+ SUSE:SuSE-SA:2004:017
+ URL:http://www.novell.com/linux/security/advisories/2004_17_kernel.html
+ TRUSTIX:2004-0034
+ URL:http://www.trustix.net/errata/2004/0034/
+ BUGTRAQ:20040620 TSSA-2004-011 - kernel
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108786114032681&w=2
+ CERT-VN:VU#973654
+ URL:http://www.kb.cert.org/vuls/id/973654
+ OVAL:OVAL2915
+ URL:http://oval.mitre.org/oval/definitions/data/oval2915.html
+ XF:linux-dos(16412)
+ URL:http://xforce.iss.net/xforce/xfdb/16412
+ BID:10566
+ URL:http://www.securityfocus.com/bid/10566
 Description: 
+ Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of
+ service (system crash), possibly via an infinite loop that triggers a signal
+ handler with a certain sequence of fsave and frstor instructions, as
+ originally demonstrated using a "crash.c" program.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-0565 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0565	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,22 @@
-Candidate: 
+Candidate: CVE-2004-0565
 References: 
+ MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
+ MLIST:[owl-users] 20040619 Linux 2.4.26-ow2
+ URL:http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:066
+ XF:linux-ia64-info-disclosure(16644)
+ URL:http://xforce.iss.net/xforce/xfdb/16644
 Description: 
+ Floating point information leak in the context switch code for Linux 2.4.x
+ only checks the MFH bit but does not verify the FPH owner, which allows local
+ users to read register values of other processes by setting the MFH bit.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.4.27)
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: N/A
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Copied: patch-tracking/CAN-2004-0587 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0587	Mon Nov 21 23:39:25 2005
@@ -1,7 +1,31 @@
-Candidate: 
+Candidate: CVE-2004-0587
 References: 
+ FEDORA:FEDORA-2004-186
+ URL:http://lwn.net/Articles/91155/
+ MANDRAKE:MDKSA-2004:066
+ URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
+ REDHAT:RHSA-2004:413
+ URL:http://www.redhat.com/support/errata/RHSA-2004-413.html
+ REDHAT:RHSA-2004:418
+ URL:http://www.redhat.com/support/errata/RHSA-2004-418.html
+ SGI:20040804-01-U
+ URL:ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
+ SUSE:SuSE-SA:2004:010
+ URL:http://www.novell.com/linux/security/advisories/2004_10_kernel.html
+ BID:10279
+ URL:http://www.securityfocus.com/bid/10279
+ SECTRACK:1010057
+ URL:http://securitytracker.com/id?1010057
+ XF:suse-hbaapinode-dos(16062)
+ URL:http://xforce.iss.net/xforce/xfdb/16062
 Description: 
+ Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux
+ allows local users to cause a denial of service.
 Notes: 
+ 2.4.26-3 has the note:
+  CAN-2004-0587 code is not present, not vulnerable
+ So the question is, did the code get added when we moved to 2.4.27, and
+ was it still vulnerable?
 Bugs: 
 upstream: 
 2.6.14: 
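
Review bot: Notes ends on an open question (whether the code was added in the move to 2.4.27 and was still vulnerable) while the status lines in this hunk are left empty, which reads the same as an untriaged entry. Flag the 2.4.27 line as needing investigation, or answer the question by checking the 2.4.27 tree for /proc/scsi/qla2300/HbaApiNode and recording the result.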

Copied: patch-tracking/CAN-2004-0596 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0596	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,21 @@
-Candidate: 
+Candidate: CVE-2004-0596
 References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@40d4aa72hPLWy-jMLr0eJAXMxHcNZg
+ XF:linux-eql-dos(16694)
+ URL:http://xforce.iss.net/xforce/xfdb/16694
+ BID:10730
+ URL:http://www.securityfocus.com/bid/10730
 Description: 
+ The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux
+ kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a
+ non-existent device name that triggers a null dereference.
 Notes: 
 Bugs: 
 upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
+2.6.14: N/A
+2.6.8-sarge-security: N/A
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: N/A
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
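
Review bot: The 2.6.14, 2.6.8-sarge-security and 2.6.8 lines are set to N/A, but upstream: and the 2.4 lines are left empty although the Description limits the issue to 2.6.x up to 2.6.7. Fill upstream: with the release that carries the changeset in the CONFIRM reference, and state for the 2.4 trees whether eql.c there has the same null dereference or is N/A.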

Copied: patch-tracking/CAN-2004-0685 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0685	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,29 @@
-Candidate: 
+Candidate: CVE-2004-0685
 References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ TRUSTIX:2004-0041
+ URL:http://www.trustix.net/errata/2004/0041/
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921
+ CERT-VN:VU#981134
+ URL:http://www.kb.cert.org/vuls/id/981134
+ BID:10892
+ URL:http://www.securityfocus.com/bid/10892
+ XF:linux-usb-gain-privileges(16931)
+ URL:http://xforce.iss.net/xforce/xfdb/16931
+ MISC:http://www.securityspace.com/smysecure/catid.html?id=14580
 Description: 
+ Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on
+ uninitialized structures, which could allow local users to obtain sensitive
+ information by reading memory that was not cleared from previous usage.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.4.27)
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: N/A
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Copied: patch-tracking/CAN-2004-0790 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0790	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,41 @@
-Candidate: 
+Candidate: CVE-2004-0790
 References: 
+ MISC:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
+ MISC:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
+ MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
+ HP:HPSBTU01210
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4743
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ HP:SSRT4884
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
+ MS:MS05-019
+ URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
+ SUNALERT:57746
+ URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
+ OVAL:OVAL3458
+ URL:http://oval.mitre.org/oval/definitions/data/oval3458.html
+ OVAL:OVAL1910
+ URL:http://oval.mitre.org/oval/definitions/data/oval1910.html
+ OVAL:OVAL4804
+ URL:http://oval.mitre.org/oval/definitions/data/oval4804.html
 Description: 
+ Multiple TCP/IP and ICMP implementations allow remote attackers to cause a
+ denial of service (reset TCP connections) via spoofed ICMP error messages, aka
+ the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and
+ CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065,
+ CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that
+ are SPLIT based on the underlying vulnerability. While CVE normally SPLITs
+ based on vulnerability, the attack-based identifiers exist due to the variety
+ and number of affected implementations and solutions that address the attacks
+ instead of the underlying vulnerabilities.
 Notes: 
-Bugs: 
+Bugs: 305655
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [164_net-ipv4-icmp-quench.diff]
+2.6.8: released (2.6.8-16) [net-ipv4-icmp-quench.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
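
Review bot: The patches named on the three released lines are net-ipv4-icmp-quench, while the Description is the "blind connection-reset attack" and says CVE-2004-0790, CVE-2004-0791 and CVE-2004-1060 were split by attack. Check that the quench patch belongs under this id rather than one of the other two, and say in Notes what it changes for the reset case. The upstream: and 2.6.14: lines are also left empty.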

Copied: patch-tracking/CAN-2004-0812 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0812	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,21 @@
-Candidate: 
+Candidate: CVE-2004-0812
 References: 
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ
+ CIAC:P-047
+ URL:http://www.ciac.org/ciac/bulletins/p-047.shtml
+ BID:11794
+ URL:http://www.securityfocus.com/bid/11794
+ SECUNIA:13359
+ URL:http://secunia.com/advisories/13359
+ XF:linux-tss-gain-privilege(18346)
+ URL:http://xforce.iss.net/xforce/xfdb/18346
 Description: 
+Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and
+ Intel EM64T architectures, associated with "setting up TSS limits," allows
+ local users to cause a denial of service (crash) and possibly execute
+ arbitrary code.
 Notes: 
 Bugs: 
 upstream: 
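
Review bot: The first Description line, "+Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and", is missing the leading space that the other continuation lines in these files have, so a field parser may not treat it as part of Description. Indent it by one space. The upstream: line is also empty although the Description says the issue is in kernels before 2.4.23.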

Copied: patch-tracking/CAN-2004-0813 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0813	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,12 @@
-Candidate: 
+Candidate: CVE-2004-0813
 References: 
+ MISC:http://lkml.org/lkml/2004/7/30/147
+ XF:linux-sgio-gain-privileges(17505)
+ URL:http://xforce.iss.net/xforce/xfdb/17505
 Description: 
+ Unknown vulnerability in the SG_IO functionality in ide-cd allows local users
+ to bypass read-only access and perform unauthorized write and erase
+ operations.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-0814 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0814	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,35 @@
-Candidate: 
+Candidate: CVE-2004-0814
 References: 
+ BUGTRAQ:20041020 CAN-2004-0814: Linux terminal layer races
+ URL:http://www.securityfocus.com/archive/1/379005
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131672
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133110
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ BID:11491
+ URL:http://www.securityfocus.com/bid/11491
+ BID:11492
+ URL:http://www.securityfocus.com/bid/11492
+ XF:linux-tiocsetd-race-condition(17816)
+ URL:http://xforce.iss.net/xforce/xfdb/17816
 Description: 
+ Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x
+ before 2.6.9, allow (1) local users to obtain portions of kernel data via a
+ TIOCSETD ioctl call to a terminal interface that is being accessed by another
+ thread, or (2) remote attackers to cause a denial of service (panic) by
+ switching from console to PPP line discipline, then quickly sending data that
+ is received during the switch.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [093_tty_lockup.diff, 093_tty_lockup-2.diff, 115_tty_lockup-3.diff, 093-tty_lockup-3.diff]
+2.6.8: released (2.6.8-8) [tty-locking-fixes.dpatch, tty-locking-fixes2.dpatch, tty-locking-fixes3.dpatch, tty-locking-fixes4.dpatch, tty-locking-fixes5.dpatch, tty-locking-fixes6.dpatch, tty-locking-fixes7.dpatch, tty-locking-fixes8.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
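
Review bot: In the `2.4.27-sarge-security` line the patch list mixes `093_tty_lockup.diff`, `093_tty_lockup-2.diff`, `115_tty_lockup-3.diff` and `093-tty_lockup-3.diff`, so two different files claim to be part 3 and one uses a hyphen after the number where the others use an underscore. Please check these names against the patches shipped in 2.4.27-7 and correct any that are mistyped; the entry is only useful for an audit if every listed patch name can be found verbatim.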

Copied: patch-tracking/CAN-2004-0816 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0816	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,19 @@
-Candidate: 
+Candidate: CVE-2004-0816
 References: 
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ SUSE:SUSE-SA:2004:037
+ URL:http://www.novell.com/linux/security/advisories/2004_37_kernel.html
+ BID:11488
+ URL:http://www.securityfocus.com/bid/11488
+ SECUNIA:11202
+ URL:http://secunia.com/advisories/11202/
+ XF:linux-ip-packet-dos(17800)
+ URL:http://xforce.iss.net/xforce/xfdb/17800
 Description: 
+ Integer underflow in the firewall logging rules for iptables in Linux before
+ 2.6.8 allows remote attackers to cause a denial of service (application crash)
+ via a malformed IP packet.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-0883 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0883	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,38 @@
-Candidate: 
+Candidate: CVE-2004-0883
 References: 
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ BUGTRAQ:20041118 [USN-30-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ CERT-VN:VU#726198
+ URL:http://www.kb.cert.org/vuls/id/726198
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ XF:linux-smbprocreadxdata-dos(18135)
+ URL:http://xforce.iss.net/xforce/xfdb/18135
+ XF:linux-smb-response-dos(18134)
+ URL:http://xforce.iss.net/xforce/xfdb/18134
+ XF:linux-smbreceivetrans2-dos(18136)
+ URL:http://xforce.iss.net/xforce/xfdb/18136
 Description: 
+ Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4
+ and 2.6 allow remote samba servers to cause a denial of service (crash) or
+ gain sensitive information from kernel memory via a samba server (1) returning
+ more data than requested to the smb_proc_read function, (2) returning a data
+ offset from outside the samba packet to the smb_proc_readX function, (3)
+ sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function,
+ (4) sending a samba packet with a certain header size to the
+ smb_proc_readX_data function, or (5) sending a certain packet based offset for
+ the data in a packet to the smb_receive_trans2 function.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-0949 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-0949	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,30 @@
-Candidate: 
+Candidate: CVE-2004-0949
 References: 
+ BUGTRAQ:20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110072140811965&w=2
+ MISC:http://security.e-matters.de/advisories/142004.html
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ TRUSTIX:2004-0061
+ URL:http://www.trustix.org/errata/2004/0061/
+ UBUNTU:USN-30-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110082989725345&w=2
+ XF:linux-smbrecvtrans2-memory-leak(18137)
+ URL:http://xforce.iss.net/xforce/xfdb/18137
+ BID:11695
+ URL:http://www.securityfocus.com/bid/11695
+ SECUNIA:13232
+ URL:http://secunia.com/advisories/13232/
 Description: 
+ The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux
+ kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented
+ packets correctly, which could allow remote samba servers to (1) read
+ arbitrary kernel information or (2) raise a counter value to an arbitrary
+ number by sending the first part of the fragmented packet multiple times.
 Notes: 
 Bugs: 
 upstream: 

Copied: patch-tracking/CAN-2004-1016 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1016	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,32 @@
-Candidate: 
+Candidate: CVE-2004-1016
 References: 
+ VULNWATCH:20041214 Linux kernel scm_send local DoS
+ MISC:http://isec.pl/vulnerabilities/isec-0019-scm.txt
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-scmsend-dos(18483)
+ URL:http://xforce.iss.net/xforce/xfdb/18483
 Description: 
+ The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28,
+ and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system
+ hang) via crafted auxiliary messages that are passed to the sendmsg function,
+ which causes a deadlock condition.
 Notes: 
+ dannf> 2.4.27 has a reference to CAN-2004-1016 in the changelog, but it looks
+        like it referred to the wrong issue - our 2.4.27 may still be
+        vulnerable.
 Bugs: 
 upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-11) [scm_send-dos-fix.dpatch, scm_send-dos-fix2.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
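
Review bot: The Notes entry says our 2.4.27 may still be vulnerable, yet `2.4.27-sarge-security:` is left empty, which reads the same as a branch nobody has looked at. Put a status on that line that records the open question, so it shows up when someone scans the status fields for unfixed branches. The `upstream:` field is also empty although `2.6.14` is marked N/A; naming the upstream release that carries the fix would justify the N/A.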

Copied: patch-tracking/CAN-2004-1017 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1017	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,20 @@
-Candidate: 
+Candidate: CVS-2004-1017
 References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ XF:linux-ioedgeport-bo(18433)
+ URL:http://xforce.iss.net/xforce/xfdb/18433
 Description: 
+ Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have
+ unknown impact and unknown attack vectors.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-9) [137_io_edgeport_overflow.diff]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
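
Review bot: The `Candidate:` line reads `CVS-2004-1017`; it should be `CVE-2004-1017`, matching the prefix used by the other entries in this commit. With the misspelled prefix, a search for the CVE id across patch-tracking will miss this file.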

Copied: patch-tracking/CAN-2004-1056 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1056	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,24 @@
-Candidate: 
+Candidate: CVE-2004-1056
 References: 
+ UBUNTU:USN-38-1
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ XF:linux-i810-dma-dos(15972)
+ URL:http://xforce.iss.net/xforce/xfdb/15972
 Description: 
+ Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly
+ check the DMA lock, which could allow remote attackers or local users to cause
+ a denial of service (X Server crash) and possibly modify the video output.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-11) [drm-locking-fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [121_drm-locking-checks-1.diff, 121_drm-locking-checks-2.diff]
+2.6.8: released (2.6.8-11) [drm-locking-fixes.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
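
Review bot: The Description limits the DRM DMA lock problem to "Linux kernel 2.6", but `2.4.27-sarge-security` is marked released with `121_drm-locking-checks-1.diff` and `121_drm-locking-checks-2.diff`. Add a line under `Notes:` stating that 2.4 was found affected as well, or why the 2.4 patches were applied, so the entry does not contradict itself.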

Copied: patch-tracking/CAN-2004-1057 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1057	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,21 @@
-Candidate: 
+Candidate: CVE-2004-1057
 References: 
+ MISC:http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
+ REDHAT:RHSA-2005:016
+ URL:http://www.redhat.com/support/errata/RHSA-2005-016.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821
+ XF:linux-kernel-vmio-dos(19275)
+ URL:http://xforce.iss.net/xforce/xfdb/19275
 Description: 
+ Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark
+ memory with the VM_IO flag, which causes incorrect reference counts and may
+ lead to a denial of service (kernel panic) when accessing freed kernel pages.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-10) [165_VM_IO.diff]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
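
Review bot: The Description names "Linux kernel 2.4.19 and earlier" as affected, which covers the woody kernels, but `2.4.19-woody-security` and `2.4.18-woody-security` are left empty while only 2.4.27 carries a fix. Those lines need a status. The `2.6.14`, `2.6.8-sarge-security` and `2.6.8` lines are empty as well; if 2.6 is not affected, mark them N/A as other entries in this commit do.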

Copied: patch-tracking/CAN-2004-1058 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1058	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2004-1058
 References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ GENTOO:GLSA-200408-24
+ URL:http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ UBUNTU:USN-38-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
+ XF:linux-spawning-race-condition(17151)
+ URL:http://xforce.iss.net/xforce/xfdb/17151
 Description: 
+ Race condition in Linux kernel 2.6 allows local users to read the environment
+ variables of another process that is still spawning via /proc/.../cmdline.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [proc-cmdline-mmput-leak.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1070 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1070	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,27 @@
-Candidate: 
+Candidate: CVE-2004-1070
 References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
 Description: 
+ The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux
+ kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8 , does not properly check
+ return values from calls to the kernel_read function, which may allow local
+ users to modify sensitive memory in a setuid program and execute arbitrary
+ code.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1071 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1071	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,26 @@
-Candidate: 
+Candidate: CVE-2004-1071
 References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
 Description: 
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap
+ function, which causes an incorrect mapped image and may allow local users to
+ execute arbitrary code.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1072 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1072	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,29 @@
-Candidate: 
+Candidate: CVE-2004-1072
 References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:537
+ URL:http://www.redhat.com/support/errata/RHSA-2004-537.html
+ REDHAT:RHSA-2005:275
+ URL:http://www.redhat.com/support/errata/RHSA-2005-275.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
 Description: 
+ The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and
+ 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL
+ terminated, which could cause strings longer than PATH_MAX to be used, leading
+ to buffer overflows that allow local users to cause a denial of service (hang)
+ and possibly execute arbitrary code.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1073 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1073	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2004-1073
 References: 
+ MISC:http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2004:549
+ URL:http://www.redhat.com/support/errata/RHSA-2004-549.html
+ XF:linux-elf-setuid-gain-privileges(18025)
+ URL:http://xforce.iss.net/xforce/xfdb/18025
 Description: 
+ The open_exec function in the execve functionality (exec.c) in Linux kernel
+ 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read
+ non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
+2.4.27-sarge-security: released (2.4.27-6) [097-elf_loader_overflow-1.diff, 097-elf_loader_overflow-2.diff, 097-elf_loader_overflow-3.diff, 097-elf_loader_overflow-4.diff]
+2.6.8: released (2.6.8-9) [elf-loader-fixes.dpatch, elf-loader-fixes-the-return.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1074 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1074	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,30 @@
-Candidate: 
+Candidate: CVE-2004-1074
 References: 
+ MLIST:[linux-kernel] 20041111 a.out issue
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=110021173607372&w=2
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ BUGTRAQ:20041216 [USN-39-1] Linux amd64 kernel vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110322596918807&w=2
+ XF:linux-aout-binary-dos(18290)
+ URL:http://xforce.iss.net/xforce/xfdb/18290
 Description: 
+ The binfmt functionality in the Linux kernel, when "memory overcommit" is
+ enabled, allows local users to cause a denial of service (kernel oops) via a
+ malformed a.out binary.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [114-binfmt_aout-CAN-2004-1074.diff]
+2.6.8: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1137 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1137	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,36 @@
-Candidate: 
+Candidate: CVE-2004-1137
 References: 
+ VULNWATCH:20041214 Linux kernel IGMP vulnerabilities
+ BUGTRAQ:20041214 Linux kernel IGMP vulnerabilities
+ MISC:http://isec.pl/vulnerabilities/isec-0018-igmp.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
+ XF:linux-igmpmarksources-dos(18482)
+ URL:http://xforce.iss.net/xforce/xfdb/18482
+ XF:linux-ipmcsource-code-execution(18481)
+ URL:http://xforce.iss.net/xforce/xfdb/18481
 Description: 
+ Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to
+ 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial
+ of service or execute arbitrary code via (1) the ip_mc_source function, which
+ decrements a counter to -1, or (2) the igmp_marksources function, which does
+ not properly validate IGMP message parameters and performs an out-of-bounds
+ read.
 Notes: 
 Bugs: 
 upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-11) [igmp-src-list-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-7) [117-igmp-source-filter-fixes.patch]
+2.6.8: released (2.6.8-11) [igmp-src-list-fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
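
Review bot: `2.6.14` is set to N/A while `upstream:` stays empty. The Description gives 2.6.x to 2.6.9 as the affected range, so the N/A presumably rests on an upstream fix; record the fixed release in `upstream:`, as the CAN-2004-1335 entry in this commit does with `released (2.6.10)`.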

Copied: patch-tracking/CAN-2004-1144 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1144	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,20 @@
-Candidate: 
+Candidate: CVE-2004-1144
 References: 
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ SUSE:SUSE-SA:2004:046
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110376890429798&w=2
+ XF:linux-32bit-emulation-gain-privileges(18686)
+ URL:http://xforce.iss.net/xforce/xfdb/18686
 Description: 
+ Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64
+ systems allows local users to gain privileges.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-9) [138_amd64_syscall_vuln.diff]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 

Copied: patch-tracking/CAN-2004-1151 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1151	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,24 @@
-Candidate: 
+Candidate: CVE-2004-1151
 References: 
+ MLIST:[linux-kernel] 20041130 Buffer overrun in arch/x86_64/sys_ia32.c:sys32_ni_syscall()
+ URL:http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@1.2079
+ MISC:http://linux.bkbits.net:8080/linux-2.6/gnupatch@41ae6af1cR3mJYlW6D8EHxCKSxuJiQ
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ BUGTRAQ:20041214 [USN-38-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110306397320336&w=2
 Description: 
+ Multiple buffer overflows in the (1) sys32_ni_syscall and (2)
+ sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local
+ attackers to modify kernel memory and gain privileges.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-11) [arch-x86_64-sys32_ni-overflow.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
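
Review bot: `2.4.27-sarge-security` is left empty although the Description restricts the overflows to `sys_ia32.c` in Linux 2.6.x. If 2.4.27 has been checked and does not contain the affected code, mark it N/A; an empty field cannot be told apart from a branch that has not been examined.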

Copied: patch-tracking/CAN-2004-1234 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1234	Mon Nov 21 23:39:25 2005
@@ -1,6 +1,19 @@
-Candidate: 
+Candidate: CVE-2004-1234
 References: 
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ REDHAT:RHSA-2004:689
+ URL:http://www.redhat.com/support/errata/RHSA-2004-689.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ
+ CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965
+ BID:12101
+ URL:http://www.securityfocus.com/bid/12101
+ XF:linux-loadelfbinary-dos(18687)
+ URL:http://xforce.iss.net/xforce/xfdb/18687
 Description: 
+ load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of
+ service (system crash) via an ELF binary in which the interpreter is NULL.
 Notes: 
 Bugs: 
 upstream: 
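
Review bot: The References block lists `CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ` twice on consecutive lines; drop one copy. The hunk also stops at `upstream:` and sets no status, so the entry does not yet say whether 2.4.27, which is later than the 2.4.26 named in the Description, already contains the fix.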

Copied: patch-tracking/CAN-2004-1235 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1235	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,40 @@
-Candidate: 
+Candidate: CVE-2004-1235
 References: 
+ BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
+ MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FEDORA-2005-013
+ URL:http://www.securityfocus.com/advisories/7806
+ FEDORA:FEDORA-2005-014
+ URL:http://www.securityfocus.com/advisories/7805
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ CONFIRM:http://www.securityfocus.com/advisories/7804
+ BID:12190
+ URL:http://www.securityfocus.com/bid/12190
+ XF:linux-uselib-gain-privileges(18800)
+ URL:http://xforce.iss.net/xforce/xfdb/18800
 Description: 
+ Race condition in the (1) load_elf_library and (2) binfmt_aout function calls
+ for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows
+ local users to execute arbitrary code by manipulating the VMA descriptor.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
+2.6.8: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
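
Review bot: The Description gives the affected 2.4 range as "2.4 through 2.429-rc2"; the version string looks like it is missing a dot (2.4.29-rc2?) and should be checked against the CVE text. The listed patches, `028-do_brk_security_fixes.dpatch` and `122_sec_brk-locked.diff`, do not mention uselib by name, so a line under `Notes:` explaining how they address the uselib race would save the next reader from having to open the patches.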

Copied: patch-tracking/CAN-2004-1333 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1333	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,29 @@
-Candidate: 
+Candidate: CVE-2004-1333
 References: 
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ UBUNTU:USN-47-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-47-1
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-vcresize-dos(18523)
+ URL:http://xforce.iss.net/xforce/xfdb/18523
 Description: 
+ Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6
+ before 2.6.10 allows local users to cause a denial of service (kernel crash)
+ via a short new screen value, which leads to a buffer overflow.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-11) [vt-of-death.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [136_vc_resizing_overflow.diff]
+2.6.8: released (2.6.8-11) [vt-of-death.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1335 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1335	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2004-1335
 References: 
+ FULLDISC:20041215 fun with linux kernel
+ URL:http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
+ BUGTRAQ:20041215 [USN-47-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110383108211524&w=2
+ BID:11956
+ URL:http://www.securityfocus.com/bid/11956
+ XF:linux-ipoptionsget-memory-leak(18524)
+ URL:http://xforce.iss.net/xforce/xfdb/18524
 Description: 
+ Memory leak in the ip_options_get function in the Linux kernel before 2.6.10
+ allows local users to cause a denial of service (memory consumption) by
+ repeatedly calling the ip_cmsg_send function.
 Notes: 
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+upstream: released (2.6.10)
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-11) [fix-ip-options-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [135_fix_ip_options_leak.diff]
+2.6.8: released (2.6.8-11) [fix-ip-options-leak.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2004-1337 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2004-1337	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,24 @@
 Candidate: 
 References: 
+ BUGTRAQ:20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110384535113035&w=2
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BID:12093
+ URL:http://www.securityfocus.com/bid/12093
+ XF:linux-security-module-gain-privileges(18673)
+ URL:http://xforce.iss.net/xforce/xfdb/18673
 Description: 
+ The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not
+ properly handle the credentials of a process that is launched before the
+ module is loaded, which allows local users to gain privileges.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
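
Review bot: The `Candidate:` line is still the empty boilerplate value, unlike the other entries in this commit. It should read `CVE-2004-1337` to match the file name `patch-tracking/CAN-2004-1337`; without it, tools or searches keyed on the Candidate field will not find this entry.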

Copied: patch-tracking/CAN-2005-0001 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0001	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,39 @@
-Candidate: 
+Candidate: CVE-2005-0001
 References: 
+ BUGTRAQ:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
+ FULLDISC:20050112 Linux kernel i386 SMP page fault handler privilege escalation
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
+ MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ FEDORA:FLSA:2336
+ URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ BUGTRAQ:20050114 [USN-60-0] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
+ XF:linux-fault-handler-gain-privileges(18849)
+ URL:http://xforce.iss.net/xforce/xfdb/18849
 Description: 
+ Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to
+ 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor
+ machines, allows local users to execute arbitrary code via concurrent threads
+ that share the same virtual memory space and simultaneously request stack
+ expansion.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [131_expand_stack_race.diff]
+2.6.8: released (2.6.8-13) [034-stack_resize_exploit.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
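
Review bot: "upstream:" and "2.6.14:" stay empty, but the description ends the affected 2.6 range at 2.6.10, so a reader cannot tell whether 2.6.14 was checked. Other files in this commit record that case as "2.6.14: N/A" together with an "upstream: released (...)" version; please fill in both fields here or say in Notes why they are still open.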

Copied: patch-tracking/CAN-2005-0003 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0003	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,30 @@
-Candidate: 
+Candidate: CVE-2005-0003
 References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
+ MANDRAKE:MDKSA-2005:022
+ URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
+ REDHAT:RHSA-2005:043
+ URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0001
+ URL:http://www.trustix.org/errata/2005/0001/
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
+ BID:12261
+ URL:http://www.securityfocus.com/bid/12261
+ XF:linux-vma-gain-privileges(18886)
+ URL:http://xforce.iss.net/xforce/xfdb/18886
 Description: 
+ The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit
+ architectures, does not properly check for overlapping VMA (virtual memory
+ address) allocations, which allows local users to cause a denial of service
+ (system crash) or execute arbitrary code via a crafted ELF or a.out file.
 Notes: 
 Bugs: 
-upstream: 
-2.6.14: 
+upstream: released (2.6.10)
+2.6.14: N/A
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-9) [145_insert_vm_struct-no-BUG.patch]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
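
Review bot: "2.6.8-sarge-security:" and "2.6.8:" are left empty although the description puts 2.6 kernels before 2.6.10 in the affected range and "upstream: released (2.6.10)" places the fix after 2.6.8. The only tree marked released is 2.4.27 (145_insert_vm_struct-no-BUG.patch), which the description does not mention; a Notes line saying why 2.4.27 is patched and what the 2.6.8 status is would settle both.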

Copied: patch-tracking/CAN-2005-0135 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0135	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,24 @@
-Candidate: 
+Candidate: CVE-2005-0135
 References: 
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:366
+ URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
+ SECUNIA:15019
+ URL:http://secunia.com/advisories/15019
 Description: 
+ The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in
+ Linux kernel 2.6 allows local users to cause a denial of service (system
+ crash).
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [ia64-unwind-fix.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [ia64-unwind-fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0136 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0136	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,14 @@
-Candidate: 
+Candidate: CVE-2005-0136
 References: 
+ ** RESERVED **
 Description: 
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
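
Review bot: The Description is empty and the only reference is "** RESERVED **", so nothing in this file says what the two patches fix. The patch names (ia64-ptrace-fixes.dpatch, ia64-ptrace-speedup.dpatch) point at ia64 ptrace; a short statement in Notes of the issue, and of why a patch named "speedup" is part of a security fix, would make the entry usable until the candidate text is published.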

Copied: patch-tracking/CAN-2005-0137 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0137	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,18 @@
-Candidate: 
+Candidate: CVE-2005-0137
 References: 
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ REDHAT:RHSA-2005:293
+ URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
 Description: 
+ Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a
+ denial of service via a "missing Itanium syscall table entry."
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-10) [165_arch-ia64-kernel-missing-sysctl.diff]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
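
Review bot: The description covers Linux kernel 2.6 and a missing syscall table entry, but the only status line filled in is "2.4.27-sarge-security", and its patch is named 165_arch-ia64-kernel-missing-sysctl.diff (sysctl, not syscall). Please confirm that this patch is the fix for this candidate and record a status for "2.6.8-sarge-security" and "2.6.8", which the description covers and which are left empty.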

Copied: patch-tracking/CAN-2005-0177 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0177	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,22 @@
-Candidate: 
+Candidate: CVE-2005-0177
 References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
 Description: 
+ nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows
+ attackers to cause a denial of service (kernel crash) via a buffer overflow.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.6.8.1)
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [nls-table-overflow.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [nls-table-overflow.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
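
Review bot: The reference "BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities" is followed by a URL whose list parameter is "l=full-disclosure", so the source tag and the archive link disagree. One of the two should be corrected; the same pair appears in the CAN-2005-0178 file.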

Copied: patch-tracking/CAN-2005-0178 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0178	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,23 @@
-Candidate: 
+Candidate: CVE-2005-0178
 References: 
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
+ BUGTRAQ:20050215 [USN-82-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
 Description: 
+ Race condition in the setsid function in Linux before 2.6.8.1 allows local
+ users to cause a denial of service (crash) and possibly access portions of
+ kernel memory, related to TTY changes, locking, and semaphores.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.6.8.1)
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [setsid-race.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0204 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0204	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,18 @@
-Candidate: 
+Candidate: CVE-2005-0204
 References: 
+ REDHAT:RHSA-2005:092
+ URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
 Description: 
+ Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
+ architectures, allows local users to write to privileged IO ports via the OUTS
+ instruction.
 Notes: 
-Bugs: 
+Bugs: 296700
 upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-14) [outs.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [143_outs.diff]
+2.6.8: released (2.6.8-14) [outs.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
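
Review bot: "upstream:" is left empty while the same hunk sets "2.6.14: N/A" and the description says the flaw affects kernels before 2.6.9. If 2.6.9 is the fixed release, record it as "upstream: released (2.6.9)" so the N/A for 2.6.14 has a stated basis.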

Copied: patch-tracking/CAN-2005-0207 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0207	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,21 @@
-Candidate: 
+Candidate: CVE-2005-0207
 References: 
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:003
+ URL:http://www.securityfocus.com/advisories/7880
+ BID:12330
+ URL:http://www.securityfocus.com/bid/12330
 Description: 
+ Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS
+ clients to cause a denial of service via O_DIRECT.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [nfs-O_DIRECT-fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
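
Review bot: "2.4.27-sarge-security:" stays empty although the description lists 2.4.x among the affected series; only the 2.6.8 lines receive nfs-O_DIRECT-fix.dpatch. Please add a status for 2.4.27, or a Notes line if it was checked and found unaffected.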

Copied: patch-tracking/CAN-2005-0209 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0209	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,21 @@
-Candidate: 
+Candidate: CVE-2005-0209
 References: 
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
 Description: 
+ Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of
+ service (kernel crash) via crafted IP packet fragments.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-14) [skb-reset-ip_summed.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [134_skb_reset_ip_summed.diff]
+2.6.8: released (2.6.8-14) [skb-reset-ip_summed.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0210 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0210	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,22 @@
-Candidate: 
+Candidate: CVE-2005-0210
 References: 
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
+ CONECTIVA:CLA-2005:945
+ URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
 Description: 
+ Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of
+ service (memory consumption) via certain packet fragments that are reassembled
+ twice, which causes a data structure to be allocated twice.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [146_ip6_copy_metadata_leak.diff, 147_ip_copy_metadata_leak.diff]
+2.6.8: released (2.6.8-15) [ip_copy_metadata_leak.dpatch, ip6_copy_metadata_leak.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0384 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0384	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,28 @@
-Candidate: 
+Candidate: CVE-2005-0384
 References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ TRUSTIX:2005-0009
+ URL:http://www.trustix.org/errata/2005/0009/
+ UBUNTU:USN-95-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
 Description: 
+ Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows
+ remote attackers to cause a denial of service (kernel crash) via a pppd
+ client.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [153_ppp_async_dos.diff]
+2.6.8: released (2.6.8-15) [drivers-net-ppp_async-fix-dos.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0400 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0400	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,29 @@
-Candidate: 
+Candidate: CVE-2005-0400
 References: 
+ BUGTRAQ:20050401 Information leak in the Linux kernel ext2 implementation
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
+ MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ XF:kernel-ext2-information-disclosure(19866)
+ URL:http://xforce.iss.net/xforce/xfdb/19866
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
 Description: 
+ The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not
+ properly initialize memory when creating a block for a new directory entry,
+ which allows local users to obtain potentially sensitive information by
+ reading the block.
 Notes: 
-Bugs: 
-upstream: 
+Bugs: 301799
+upstream: released (2.6.11.6)
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-16) [fs-ext2-info-leak.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [156_fs-ext2-info-leak.diff]
+2.6.8: released (2.6.8-16) [fs-ext2-info-leak.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
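
Review bot: "2.6.14:" is left empty even though this hunk sets "upstream: released (2.6.11.6)", a release earlier than 2.6.14. The CAN-2005-0750 file in this commit records an upstream fix that predates 2.6.14 as "2.6.14: N/A"; doing the same here keeps the entries consistent and stops the field from reading as unchecked.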

Copied: patch-tracking/CAN-2005-0529 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0529	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,27 @@
-Candidate: 
+Candidate: CVE-2005-0529
 References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4201818eC6aMn0x3GY_9rw3ueb2ZWQ
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
 Description: 
+ Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset
+ arguments to the proc_file_read and locks_read_proc functions, which leads to
+ a heap-based buffer overflow when a signed comparison causes negative integers
+ to be used in a positive context.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [115-proc_file_read_nbytes_signedness_fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0530 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0530	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,26 @@
-Candidate: 
+Candidate: CVE-2005-0530
 References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@420181322LZmhPTewcCOLkubGwOL3w
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
 Description: 
+ Signedness error in the copy_from_read_buf function in n_tty.c for Linux
+ kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a
+ negative argument.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [116-n_tty_copy_from_read_buf_signedness_fixes.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0531 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0531	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,24 @@
-Candidate: 
+Candidate: CVE-2005-0531
 References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/gnupatch@4208e1fcfccuD-eH2OGM5mBhihmQ3A
+ CONECTIVA:CLA-2005:930
+ URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
 Description: 
+ The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
+ 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative
+ arguments.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-9) [151_atm_get_addr_signedness_fix.diff]
+2.6.8: released (2.6.8-14) [123-atm_get_addr_signedness_fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0532 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0532	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2005-0532
 References: 
+ FULLDISC:20050215 linux kernel 2.6 fun. windoze is a joke
+ URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
+ MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@42018227TkNpHlX6BefnItV_GqMmzQ
+ SUSE:SUSE-SA:2005:018
+ URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+ BUGTRAQ:20050315 [USN-95-1] Linux kernel vulnerabilities
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
 Description: 
+ The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
+ Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit
+ architectures, may allow local users to trigger a buffer overflow as a result
+ of casting discrepancies between size_t and int data types.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-14) [117-reiserfs_file_64bit_size_t_fixes.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0749 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0749	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2005-0749
 References: 
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ UBUNTU:USN-103-1
+ URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
+ SECUNIA:14713
+ URL:http://secunia.com/advisories/14713/
+ XF:kernel-loadelflibrary-dos(19867)
+ URL:http://xforce.iss.net/xforce/xfdb/19867
 Description: 
+ The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to
+ cause a denial of service (kernel crash) via a crafted ELF library or
+ executable, which causes a free of an invalid pointer.
 Notes: 
-Bugs: 
-upstream: 
+Bugs: 301799, 303498
+upstream: released (2.6.11.6)
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [158_fs-binfmt_elf-dos.diff]
+2.6.8: released (2.6.8-16) [fs-binfmt_elf-dos.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0750 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0750	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,29 @@
-Candidate: 
+Candidate: CVE-2005-0750
 References: 
+ BUGTRAQ:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
+ FULLDISC:20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5
+ URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ REDHAT:RHSA-2005:283
+ URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
+ REDHAT:RHSA-2005:284
+ URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
+ XF:kernel-bluezsockcreate-integer-underflow(19844)
+ URL:http://xforce.iss.net/xforce/xfdb/19844
 Description: 
+ The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6
+ through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain
+ privileges via (1) socket or (2) socketpair call with a negative protocol
+ value.
 Notes: 
-Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+Bugs: 301799
+upstream: released (2.6.11.5)
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [155_net-bluetooth-signdness-fix.diff]
+2.6.8: released (2.6.8-16) [net-bluetooth-signdness-fix.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0815 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0815	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2005-0815
 References: 
+ BUGTRAQ:20050317 Linux ISO9660 handling flaws
+ URL:http://www.securityfocus.com/archive/1/393590
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
+ FEDORA:FLSA:152532
+ URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
+ BID:12837
+ URL:http://www.securityfocus.com/bid/12837
+ XF:kernel-iso9660-filesystem(19741)
+ URL:http://xforce.iss.net/xforce/xfdb/19741
 Description: 
+ Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux
+ 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt
+ memory via a crafted filesystem.
 Notes: 
-Bugs: 
+Bugs: 301799
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch]
+2.4.27-sarge-security: released (2.4.27-10) [157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff, 157_fs-isofs-range-check-3.diff]
+2.6.8: released (2.6.8-16) [fs-isofs-range-check-1.dpatch, fs-isofs-range-check-2.dpatch, fs-isofs-range-check-3.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-0839 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-0839	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,19 @@
-Candidate: 
+Candidate: CVE-2005-0839
 References: 
+ MLIST:[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.
+ URL:http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html
+ MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ
 Description: 
+ Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line
+ discipline for a TTY, which allows local users to gain privileges by injecting
+ mouse or keyboard events into other user sessions.
 Notes: 
-Bugs: 
-upstream: 
+Bugs: 301372
+upstream: released (2.6.11)
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-16) [drivers-input-serio-nmouse.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-1263 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-1263	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,25 @@
-Candidate: 
+Candidate: CVE-2005-1263
 References: 
+ BUGTRAQ:20050511 Linux kernel ELF core dump privilege elevation
+ URL:http://www.securityfocus.com/archive/1/397966
+ MISC:http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
+ FRSIRT:ADV-2005-0524
+ URL:http://www.frsirt.com/english/advisories/2005/0524
+ OVAL:OVAL1122
+ URL:http://oval.mitre.org/oval/definitions/data/oval1122.html
 Description: 
+ The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to
+ 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users
+ to execute arbitrary code via an ELF binary that, in certain conditions
+ involving the create_elf_tables function, causes a negative length argument
+ to pass a signed integer comparison, leading to a buffer overflow.
 Notes: 
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+upstream: released (2.2.27-rc2, 2.4.31-pre1, 2.6.12-rc4)
+2.6.14: N/A
+2.6.8-sarge-security: released (2.6.8-16)
+2.4.27-sarge-security: released (2.4.27-10)
+2.6.8: released (2.6.8-16)
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/CAN-2005-1264 (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/CAN-2005-1264	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,26 @@
-Candidate: 
+Candidate: CVE-2005-1264
 References: 
+ MLIST:[linux-kernel] 20050517 [PATCH] Fix root hole in raw device
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=111630512512222
+ VULNWATCH:20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
+ VULNWATCH:20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability
+ URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
+ FRSIRT:ADV-2005-0557
+ URL:http://www.frsirt.com/english/advisories/2005/0557
 Description: 
+ Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong
+ function before passing an ioctl to the block device, which crosses security
+ boundaries by making kernel address space accessible from user space, a
+ similar vulnerability to CVE-2005-1589.
 Notes: 
 Bugs: 
-upstream: 
+upstream: released (2.6.11.10)
 2.6.14: 
-2.6.8-sarge-security: 
+2.6.8-sarge-security: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
 2.4.27-sarge-security: 
-2.6.8: 
+2.6.8: released (2.6.8-16) [drivers-block-raw-ioctl.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/moxa-serial-bounds-checking (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/moxa-serial-bounds-checking	Mon Nov 21 23:39:25 2005
@@ -1,13 +1,16 @@
-Candidate: 
+Candidate: needed
 References: 
+ MISC:http://www.securitytracker.com/alerts/2005/Feb/1013273.html
 Description: 
+ Make sure the length we're passing copy_from_user() is never negative or
+ too large for moxaBuff.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
+2.6.8-sarge-security: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
+2.4.27-sarge-security: released (2.4.27-8) [125_moxa_bound_checking.diff]
+2.6.8: released (2.6.8-12) [030-moxa_user_copy_checking.dpatch]
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 

Copied: patch-tracking/sdla_xfer-bounds-checking (from r4853, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/sdla_xfer-bounds-checking	Mon Nov 21 23:39:25 2005
@@ -1,12 +1,13 @@
-Candidate: 
+Candidate: needed
 References: 
 Description: 
+ [SECURITY] Fix sdla_xfer lack of bounds checking, reported by Coverity.
 Notes: 
 Bugs: 
 upstream: 
 2.6.14: 
 2.6.8-sarge-security: 
-2.4.27-sarge-security: 
+2.4.27-sarge-security: released (2.4.27-8) [129_net_sdla_coverty.diff]
 2.6.8: 
 2.4.19-woody-security: 
 2.4.18-woody-security: 
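
Review bot: References is empty and the Description is a commit subject line rather than a statement of impact, so the entry does not say which input reaches sdla_xfer unchecked or who can supply it. Please add the source of the report or of the upstream change, and a status or Notes line for "2.6.8-sarge-security" and "2.6.8", which are left empty while only 2.4.27 gets 129_net_sdla_coverty.diff.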


