[kernel] r6786 - patch-tracking/dsa-texts
Micah Anderson
micah at costa.debian.org
Fri Jun 9 03:09:57 UTC 2006
Author: micah
Date: Fri Jun 9 03:09:55 2006
New Revision: 6786
Modified:
patch-tracking/dsa-texts/2.6.8-sarge3
Log:
Added a few credits to issues and filled in several CVE descriptions
Modified: patch-tracking/dsa-texts/2.6.8-sarge3
==============================================================================
--- patch-tracking/dsa-texts/2.6.8-sarge3 (original)
+++ patch-tracking/dsa-texts/2.6.8-sarge3 Fri Jun 9 03:09:55 2006
@@ -67,32 +67,60 @@
CVE-2006-0558
- It was discovered that perfmon for the IA64 architecture allows users to
- trigger a BUG() assert, which allows denial of service.
+ It was discovered by Cliff Wickman that perfmon for the IA64
+ architecture allows users to trigger a BUG() assert, which allows
+ denial of service.
CVE-2006-0741
- foo
+ Intel EM64T systems were discovered to be susceptible to a local
+ DoS due to an endless recursive fault related to a bad elf entry
+ address.
CVE-2006-0742
- foo
+ Alan and Gareth discovered that the ia64 platform had an
+ incorrectly declared die_if_kernel() function as "does never
+ return" which could be exploited by a local attacker resulting in
+ a kernel crash.
CVE-2006-0744
- foo
+ The Linux kernel did not properly handle uncanonical return
+ addresses on Intel EM64T CPUs, reporting exceptions in the SYSRET
+ instead of the next instruction, causing the kernel exception
+ handler to run on the user stack with the wrong GS. This may result
+ in a DoS due to a local user changing the frames.
CVE-2006-1056
- foo
+ AMD64 machines (and other 7th and 8th generation AuthenticAMD
+ processors) were found to be vulnerable to sensitive information
+ leakage, due to how they handle saving and restoring the FOP, FIP,
+ and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
+ pending. This allows a process to determine portions of the state
+ of floating point instructions of other processes.
CVE-2006-1242
- foo
+ Marco Ivaldi discovered that there was an unintended information
+ disclosure allowing remote attackers to bypass protections against
+ Idle Scans (nmap -sI) by abusing the ID field of IP packets and
+ bypassing the zero IP ID in DF packet countermeasure. This was a
+ result of the ip_push_pending_frames function improperly
+ incremented the IP ID field when sending a RST after receiving
+ unsolicited TCP SYN-ACK packets.
CVE-2006-1368
- foo
+ Shaun Tancheff discovered a buffer overflow (boundry condition
+ error) in the USB Gadget RNDIS implementation allowing remote
+ attackers to cause a DoS. While creating a reply message, the
+ driver allocated memory for the reply data, but not for the reply
+ structure. The kernel fails to properly bounds-check user-supplied
+ data before copying it to an insufficiently sized memory
+ buffer. Attackers could crash the system, or possibly execute
+ arbitrary machine code.
CVE-2006-1523
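Review bot: The new CVE-2006-1368 text states the impact inconsistently: its first sentence says the overflow allows remote attackers "to cause a DoS", while its last says attackers could "crash the system, or possibly execute arbitrary machine code". Suggest stating the worst-case impact once, in the opening sentence. The same entry misspells "boundary" as "boundry". In CVE-2006-1242, "improperly incremented" should read "improperly incrementing" so that it fits "a result of the ip_push_pending_frames function ...". In CVE-2006-0742, the credit "Alan and Gareth" gives first names only, unlike the full names used for Cliff Wickman, Marco Ivaldi and Shaun Tancheff; the phrase "does never return" would also read better as "never returns".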