[kernel] r6659 - patch-tracking/dsa-texts
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun May 21 06:20:14 UTC 2006
Author: jmm-guest
Date: Sun May 21 06:20:13 2006
New Revision: 6659
Modified:
patch-tracking/dsa-texts/2.6.8-sarge3
Log:
more work on sarge3 advisory text
Modified: patch-tracking/dsa-texts/2.6.8-sarge3
==============================================================================
--- patch-tracking/dsa-texts/2.6.8-sarge3 (original)
+++ patch-tracking/dsa-texts/2.6.8-sarge3 Sun May 21 06:20:13 2006
@@ -26,18 +26,116 @@
CVE-2006-0038
+ "Solar Designer" discovered that arithmetic computations in netfilter's
+ do_replace() function can lead to a buffer overflow and the execution of
+ arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
+ which is only an issue in virtualization systems or fine grained access
+ control systems.
+
+CVE-2006-0039
+
+ "Solar Designer" discovered a race condition in netfilter's
+ do_add_counters() function, which allows information disclosure of kernel
+ memory by exploiting a race condition. Likewise, it requires CAP_NET_ADMIN
+ privileges.
+
+CVE-2006-0456
+
+ David Howells discovered that the s390 assembly version of the
+ strnlen_user() function incorrectly returns some string size values.
+
+CVE-2006-0554
+
+ It was discovered that the ftruncate() function of XFS can expose
+ unallocated, which allows information disclosure of previously deleted
+ files.
+
+CVE-2006-0555
+
+ It was discovered that some NFS file operations on handles mounted with
+ O_DIRECT can force the kernel into a crash.
+
+CVE-2006-0557
+
+ It was discovered that the code to configure memory policies allows tricking
+ the kernel into a crash, thus allowing denial of service.
+
+CVE-2006-0558
+
+ It was discovered that perfmon for the IA64 architecture allows users to
+ trigger a BUG() assert, which allows denial of service.
+
+CVE-2006-0741
+
foo
-CVE-2006-1864
+CVE-2006-0742
- Mark Mosely discovered that chroots residing on an SMB share can be
+ foo
+
+CVE-2006-0744
+
+ foo
+
+CVE-2006-1056
+
+ foo
+
+CVE-2006-1242
+
+ foo
+
+CVE-2006-1368
+
+ foo
+
+CVE-2006-1523
+
+ foo
+
+CVE-2006-1524
+
+ foo
+
+CVE-2006-1525
+
+ foo
+
+CVE-2006-1857
+
+ foo
+
+CVE-2006-1858
+
+ foo
+
+CVE-2006-1863
+
+ Mark Mosely discovered that chroots residing on an CIFS share can be
escaped with specially crafted "cd" sequences.
CVE-2006-1864
- Mark Mosely discovered that chroots residing on an CIFS share can be
+ Mark Mosely discovered that chroots residing on an SMB share can be
escaped with specially crafted "cd" sequences.
+CVE-2006-2271
+
+ The "Mu security team" discovered that carefully crafted ECNE chunks can
+ cause a kernel crash by accessing incorrect state stable entries in the
+ SCTP networking subsystem, which allows denial of service.
+
+CVE-2006-2272
+
+ The "Mu security team" discovered that fragmented SCTP control chunks can
+ trigger kernel panics, which allows denial of service.
+
+CVE-2006-2274
+
+ It was discovered that SCTP packets with two initial bundled data packets
+ can lead to infinite recursion, which allows denial of service.
+
+
The following matrix explains which kernel version for which architecture
fix the problems mentioned above:
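Review bot: The entries from CVE-2006-0741 through CVE-2006-1858 still contain only the placeholder "foo", so each needs a real description before this text can be used as an advisory. In the CVE-2006-0554 entry, "can expose unallocated, which allows information disclosure" is missing the noun after "unallocated". The CVE-2006-0039 entry names the race condition twice in one sentence; dropping "by exploiting a race condition" would fix that. In CVE-2006-2271, "state stable entries" looks like a typo for "state table entries", and in CVE-2006-1863 "an CIFS share" should be "a CIFS share". CVE-2006-0555 says "handles mounted with O_DIRECT", but O_DIRECT is a flag passed to open(), so "files opened with O_DIRECT" would be more accurate. CVE-2006-0456 is the only completed entry that states no impact; a closing clause on what the wrong strnlen_user() return values allow would match the others. Since this hunk also reassigns the CIFS and SMB wording between CVE-2006-1863 and CVE-2006-1864, please confirm each description against its CVE entry.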