[kernel] r6751 - patch-tracking

Dann Frazier dannf at costa.debian.org
Mon May 29 04:13:42 UTC 2006 

Author: dannf
Date: Mon May 29 04:13:41 2006
New Revision: 6751

Modified:
   patch-tracking/CVE-2006-1056
   patch-tracking/CVE-2006-2272

Log:
CVE-2006-1056 updates

Modified: patch-tracking/CVE-2006-1056
==============================================================================
--- patch-tracking/CVE-2006-1056	(original)
+++ patch-tracking/CVE-2006-1056	Mon May 29 04:13:41 2006
@@ -1,11 +1,24 @@
 Candidate: CVE-2006-1056
 References: 
- http://marc.theaimsgroup.com/?l=linux-kernel&m=114633448824132&w=2
-Description: x87 inter process information leak
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
+ CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
+ URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=114548768214478&w=2
+ URL:http://www.securityfocus.com/bid/17600
+ URL:http://xforce.iss.net/xforce/xfdb/25871 
+Description: 
+ The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on
+ AMD64 and other 7th and 8th generation AuthenticAMD processors, only
+ save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an
+ exception is pending, which allows one process to determine portions of the
+ state of floating point instructions of other processes, which can be
+ leveraged to obtain sensitive information such as cryptographic keys. NOTE:
+ this is the documented behavior of AMD64 processors, but it is inconsistent
+ with Intel processers in a security-relevant fashion that was not addressed
+ by the kernels.
 Notes: 
 Bugs: 
-upstream: released (2.6.16.9)
-linux-2.6:
+upstream: released (2.4.33-pre3), released (2.6.16.9)
+linux-2.6: released (2.6.16-9)
 2.6.8-sarge-security: pending (2.6.8-16sarge3)
 2.4.27-sarge-security: pending (2.4.27-10sarge3)
 2.4.27:

Modified: patch-tracking/CVE-2006-2272
==============================================================================
--- patch-tracking/CVE-2006-2272	(original)
+++ patch-tracking/CVE-2006-2272	Mon May 29 04:13:41 2006
@@ -8,6 +8,7 @@
  of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2)
  HEARTBEAT SCTP control chunks.
 Notes: 
+ dannf> Submitted to Marcelo for inclusion in 2.4
 Bugs: 
 upstream: released (2.6.16.15)
 linux-2.6: released (2.6.16-13)

More information about the Kernel-svn-changes mailing list