r4354 - people/micah
Micah Anderson
micah at costa.debian.org
Sat Oct 8 16:08:35 UTC 2005
Author: micah
Date: 2005-10-08 16:08:34 +0000 (Sat, 08 Oct 2005)
New Revision: 4354
Modified:
people/micah/pending_CVE_requests
Log:
Updating draft CVE texts
Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests 2005-10-07 21:27:50 UTC (rev 4353)
+++ people/micah/pending_CVE_requests 2005-10-08 16:08:34 UTC (rev 4354)
@@ -1,38 +1,55 @@
-waiting on dannf:
+Draft text for CVE:
A local denial of service was discovered in the ptrace code for ia64 in
linux-2.6.8 enabling unprivledged users to trigger an oops when
CONFIG_PREEMPT is enabled in the kernel configuration.
+TODO: dannf looking for reference
+TODO: is this included in 2.6.8-16sarge1?
+Patches included in 2.6.8-16sarge1:
+
+* fs-exec-posix-timers-leak-1.dpatch,
Draft text for CVE:
-A local denial of service was discovered in the ptrace code for ia64 in
-linux-2.6.8 enabling unprivledged users to trigger an oops when
-CONFIG_PREEMPT is enabled in the kernel configuration.
+A potential local denial of service was discovered in the linux kernel
+2.6? due to exec failing to clean up posix-timers, leaving lingering
+timers around that could kill processes with unexpected signals.
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@414b332fsZQvEUsfzKJIo-q2_ZH0hg
+TODO: fixed in which version of upstream?
-from 2.6.8-16sarge1:
- * fs-exec-posix-timers-leak-1.dpatch,
- [Security] fs-exec-posix-timers-leak-2.dpatch
- Make exec clean up posix timers.
-M: dannf tracked
+* fs-exec-posix-timers-leak-2.dpatch
+Draft CVE text:
+Leaks were discovered in the exec structure of linux-2.6, resulting in
+pending signal loss... how is this a security problem?
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@4174ac1exFxpMg163OsRuPZLQrlBKg
+TODO: Description is weak, also what upstream version is this fixed in?
- * net-bridge-forwarding-poison-2.dpatch,
- net-bridge-forwarding-poison-2.dpatch:
- [Security] Avoid poisoning of the bridge forwarding table by frames that
- have been dropped by filtering. This prevents spoofed source addresses on
- hostile side of bridge from causing packet leakage, a small but possible
- security risk.
-M: dannf tracked
+* net-bridge-forwarding-poison-1.dpatch,
+ net-bridge-forwarding-poison-2.dpatch:
+Draft CVE text:
+Spoofed source addresses on the public facing side of a bridge can
+cause packet leaks due to poisoning of the bridge forwarding table by
+frames that have been dropped by filtering.
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@412d2246sXjFQD6OadAB57YWvqR9vQ
+URL: http://linux.bkbits.net:8080/linux-2.6/cset@1.3097.18.19?nav=index.html|src/|src/net|src/net/bridge|related/net/bridge/br_input.c
M: the following are pre-requisites:
M: net-bridge-mangle-oops-1.dpatch
M: net-bridge-mangle-oops-2.dpatch
+TODO: What upstream version is affected by this, and which is fixed?
- * [Security] net-rose-ndigis-verify.dpatch
- Verify ndigis argument of a new route.
-M: dannf tracked
+* net-rose-ndigis-verify.dpatch
+Draft CVE text:
+ROSE wasn't verifying the ndigis argument of a new route resulting in
+a minor security hole.
+URL:
+http://linux.bkbits.net:8080/linux-2.6/diffs/net/rose/rose_route.c@1.16?nav=index.html|src/|src/net|src/net/rose|related/net/rose/rose_route.c|cset@1.2009.1.46
+TODO: description is weak, what kind of security hole? What versions
+are affected?
- * sound-usb-usbaudio-unplug-oops.dpatch
+* sound-usb-usbaudio-unplug-oops.dpatch
[Security] Prevent oops & dead keyboard on usb unplugging while the device
is being used.
-M: dannf tracked
+TODO: How is this a security patch?
+TODO: URL
+TODO: CVE description
* net-ipv4-ipvs-conn_tab-race.dpatch
[Security] Fix race condition on ip_vs_conn_tab list modification
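Review bot: In the fs-exec-posix-timers-leak-2.dpatch entry, the added "Draft CVE text:" body ends with "pending signal loss... how is this a security problem?", so an open editorial question sits inside the text intended for the CVE request. Move that question to a TODO line, as the other entries do, and keep the draft body to a statement of the impact. The same applies to "2.6?" in the fs-exec-posix-timers-leak-1 draft, where the unknown version is already covered by the TODO beneath it. Two smaller points: the retained ptrace draft still carries the misspelling "unprivledged", and sound-usb-usbaudio-unplug-oops.dpatch keeps its "[Security]" tag while the new TODO questions that classification, so the two should be reconciled before the text is sent.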