[kernel] r6786 - patch-tracking/dsa-texts

Micah Anderson micah at costa.debian.org
Fri Jun 9 03:09:57 UTC 2006


Author: micah
Date: Fri Jun  9 03:09:55 2006
New Revision: 6786

Modified:
   patch-tracking/dsa-texts/2.6.8-sarge3

Log:
Added a few credits to issues and filled in several CVE descriptions


Modified: patch-tracking/dsa-texts/2.6.8-sarge3
==============================================================================
--- patch-tracking/dsa-texts/2.6.8-sarge3	(original)
+++ patch-tracking/dsa-texts/2.6.8-sarge3	Fri Jun  9 03:09:55 2006
@@ -67,32 +67,60 @@
 
 CVE-2006-0558
 
-    It was discovered that perfmon for the IA64 architecture allows users to
-    trigger a BUG() assert, which allows denial of service.
+    It was discovered by Cliff Wickman that perfmon for the IA64
+    architecture allows users to trigger a BUG() assert, which allows
+    denial of service.
 
 CVE-2006-0741
 
-    foo
+    Intel EM64T systems were discovered to be susceptible to a local
+    DoS due to an endless recursive fault related to a bad elf entry
+    address.
 
 CVE-2006-0742
 
-    foo
+    Alan and Gareth discovered that the ia64 platform had an
+    incorrectly declared die_if_kernel() function as "does never
+    return" which could be exploited by a local attacker resulting in
+    a kernel crash.
 
 CVE-2006-0744
 
-    foo
+    The Linux kernel did not properly handle uncanonical return
+    addresses on Intel EM64T CPUs, reporting exceptions in the SYSRET
+    instead of the next instruction, causing the kernel exception
+    handler to run on the user stack with the wrong GS. This may result
+    in a DoS due to a local user changing the frames.
 
 CVE-2006-1056
 
-    foo
+    AMD64 machines (and other 7th and 8th generation AuthenticAMD
+    processors) were found to be vulnerable to sensitive information
+    leakage, due to how they handle saving and restoring the FOP, FIP,
+    and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
+    pending. This allows a process to determine portions of the state
+    of floating point instructions of other processes.
 
 CVE-2006-1242
 
-    foo
+    Marco Ivaldi discovered that there was an unintended information
+    disclosure allowing remote attackers to bypass protections against
+    Idle Scans (nmap -sI) by abusing the ID field of IP packets and
+    bypassing the zero IP ID in DF packet countermeasure. This was a
+    result of the ip_push_pending_frames function improperly
+    incremented the IP ID field when sending a RST after receiving
+    unsolicited TCP SYN-ACK packets.
 
 CVE-2006-1368
 
-    foo
+    Shaun Tancheff discovered a buffer overflow (boundry condition
+    error) in the USB Gadget RNDIS implementation allowing remote
+    attackers to cause a DoS. While creating a reply message, the
+    driver allocated memory for the reply data, but not for the reply
+    structure. The kernel fails to properly bounds-check user-supplied
+    data before copying it to an insufficiently sized memory
+    buffer. Attackers could crash the system, or possibly execute
+    arbitrary machine code.
 
 CVE-2006-1523
 
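Review bot: The CVE-2006-1368 text is internally inconsistent about impact and wording: it opens with "allowing remote attackers to cause a DoS" but closes with "or possibly execute arbitrary machine code", and it shifts tense between "the driver allocated memory" and "The kernel fails to properly bounds-check". Suggest stating the full impact once and keeping one tense, and fixing "boundry" to "boundary". In the CVE-2006-1242 text, "the ip_push_pending_frames function improperly incremented" should read "improperly incrementing". The CVE-2006-0742 credit gives only "Alan and Gareth", while the other credits added in this hunk use full names (Cliff Wickman, Marco Ivaldi, Shaun Tancheff); full names would be consistent. In the CVE-2006-0744 text, "uncanonical" would read better as "non-canonical".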


