[kernel] r6659 - patch-tracking/dsa-texts

Sun May 21 06:20:14 UTC 2006

Author: jmm-guest
Date: Sun May 21 06:20:13 2006
New Revision: 6659

Modified:
   patch-tracking/dsa-texts/2.6.8-sarge3

Log:
more work on sarge3 advisory text


Modified: patch-tracking/dsa-texts/2.6.8-sarge3
==============================================================================

--- patch-tracking/dsa-texts/2.6.8-sarge3	(original)
+++ patch-tracking/dsa-texts/2.6.8-sarge3	Sun May 21 06:20:13 2006
@@ -26,18 +26,116 @@
     
 CVE-2006-0038
 
+    "Solar Designer" discovered that arithmetic computations in netfilter's
+    do_replace() function can lead to a buffer overflow and the execution of
+    arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
+    which is only an issue in virtualization systems or fine grained access
+    control systems.
+
+CVE-2006-0039
+
+    "Solar Designer" discovered a race condition in netfilter's
+    do_add_counters() function, which allows information disclosure of kernel
+    memory by exploiting a race condition. Likewise, it requires CAP_NET_ADMIN
+    privileges. 
+
+CVE-2006-0456
+
+    David Howells discovered that the s390 assembly version of the
+    strnlen_user() function incorrectly returns some string size values.
+
+CVE-2006-0554
+
+    It was discovered that the ftruncate() function of XFS can expose
+    unallocated, which allows information disclosure of previously deleted
+    files.
+
+CVE-2006-0555
+
+    It was discovered that some NFS file operations on handles mounted with
+    O_DIRECT can force the kernel into a crash.
+
+CVE-2006-0557
+
+    It was discovered that the code to configure memory policies allows tricking
+    the kernel into a crash, thus allowing denial of service.
+
+CVE-2006-0558
+
+    It was discovered that perfmon for the IA64 architecture allows users to
+    trigger a BUG() assert, which allows denial of service.
+
+CVE-2006-0741
+
     foo
 
-CVE-2006-1864
+CVE-2006-0742
 
-    Mark Mosely discovered that chroots residing on an SMB share can be
+    foo
+
+CVE-2006-0744
+
+    foo
+
+CVE-2006-1056
+
+    foo
+
+CVE-2006-1242
+
+    foo
+
+CVE-2006-1368
+
+    foo
+
+CVE-2006-1523
+
+    foo
+
+CVE-2006-1524
+
+    foo
+
+CVE-2006-1525
+
+    foo
+
+CVE-2006-1857
+
+    foo
+
+CVE-2006-1858
+
+    foo
+
+CVE-2006-1863
+
+    Mark Mosely discovered that chroots residing on an CIFS share can be
     escaped with specially crafted "cd" sequences.
 
 CVE-2006-1864
 
-    Mark Mosely discovered that chroots residing on an CIFS share can be
+    Mark Mosely discovered that chroots residing on an SMB share can be
     escaped with specially crafted "cd" sequences.
 
+CVE-2006-2271
+
+    The "Mu security team" discovered that carefully crafted ECNE chunks can
+    cause a kernel crash by accessing incorrect state stable entries in the
+    SCTP networking subsystem, which allows denial of service.
+
+CVE-2006-2272
+
+    The "Mu security team" discovered that fragmented SCTP control chunks can
+    trigger kernel panics, which allows denial of service.
+
+CVE-2006-2274
+
+    It was discovered that SCTP packets with two initial bundled data packets
+    can lead to infinite recursion, which allows denial of service.
+
+
 
 The following matrix explains which kernel version for which architecture
 fix the problems mentioned above:

