[kernel] r5253 - patch-tracking
Simon Horman
horms at costa.debian.org
Thu Jan 5 04:03:34 UTC 2006
Author: horms
Date: Thu Jan 5 04:03:33 2006
New Revision: 5253
Modified:
patch-tracking/CVE-2005-0176
Log:
Only 2.6.10 has CVE-2005-0176
Modified: patch-tracking/CVE-2005-0176
==============================================================================
--- patch-tracking/CVE-2005-0176 (original)
+++ patch-tracking/CVE-2005-0176 Thu Jan 5 04:03:33 2006
@@ -4,20 +4,26 @@
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://oval.mitre.org/oval/definitions/data/oval1225.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=2637792e3d9ae50079238615fd16384a0d393b30
Description:
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock
the memory of other processes, which could cause sensitive memory to be swapped
to disk, which could allow it to be read by other users once it has been released.
Notes:
+ It appears that 2.6.8 and earlier are not vulnerable as prior to the
+ following patch, local users could not effect lock or unlock
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commit;h=16698c49bbb42567c0bbc528d3820d18885e4642
+ That is, only 2.6.10 is effected.
Bugs:
-upstream:
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
-2.6.8:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
+upstream: fixed (2.6.10)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.27: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
More information about the Kernel-svn-changes
mailing list