[kernel] r5191 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 3 11:47:47 UTC 2006
Author: jmm-guest
Date: Tue Jan 3 11:47:46 2006
New Revision: 5191
Added:
patch-tracking/CVE-2004-2135
Log:
add the last missing patch tracker entry for older issues
Added: patch-tracking/CVE-2004-2135
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-2135 Tue Jan 3 11:47:46 2006
@@ -0,0 +1,29 @@
+Candidate: CVE-2004-2135
+References:
+ http://marc.theaimsgroup.com/?l=linux-kernel&m=107719798631935&w=2
+ http://mareichelt.de/pub/notmine/diskenc.pdf
+ http://www.securiteam.com/exploits/5UP0P1PFPM.html
+ http://www.securityfocus.com/bid/13775
+Description:
+ cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a
+ block size 1024 or greater, has certain "IV computation" weaknesses that
+ allow watermarked files to be detected without decryption.
+Notes:
+ jmm> IIRC there was some serious flaming about the different disk encryption systems,
+ jmm> I'm not sure whether this has been addressed or how real it is
+ jmm> Plus, cryptoloop is marked DEPRECATED for a long time IIRC
+ jmm> It's not included in stock 2.4 kernels, but only available in kernel-patch-cryptoloop,
+ jmm> which is only part of sid and hasn't been shipped with neither Woody nor Sarge, so
+ jmm> I'm marking all these N/A
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security: N/A
+2.6.8:
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
More information about the Kernel-svn-changes
mailing list