author | Kees Cook <kees@outflux.net> | 2008-06-24 03:39:17 +0000 |
---|---|---|
committer | Kees Cook <kees@outflux.net> | 2008-06-24 03:39:17 +0000 |
commit | 1efd3df215aa76275f902e197b38f8ff93800c73 (patch) | |
tree | 62a9cd65e615066bde7132653dc206be12dbd62c | |
parent | cd3ec32ab8c13aad37a99c90165709838c25c54a (diff) |
ubuntu released kernels
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1182 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- | active/CVE-2007-4571 | 8 |
-rw-r--r-- | active/CVE-2007-5904 | 9 |
-rw-r--r-- | active/CVE-2007-6694 | 12 |
-rw-r--r-- | active/CVE-2007-6712 | 4 |
-rw-r--r-- | active/CVE-2008-0007 | 12 |
-rw-r--r-- | active/CVE-2008-1294 | 10 |
-rw-r--r-- | active/CVE-2008-1375 | 12 |
-rw-r--r-- | active/CVE-2008-1669 | 11 |
-rw-r--r-- | active/CVE-2008-1675 | 6 |
-rw-r--r-- | scripts/ubuntu-release | 18 |
10 files changed, 72 insertions, 30 deletions
diff --git a/active/CVE-2007-4571 b/active/CVE-2007-4571 index e1630fe9..46103f5b 100644 --- a/active/CVE-2007-4571 +++ b/active/CVE-2007-4571 @@ -11,6 +11,10 @@ Description: information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. Ubuntu-Description: + It was discovered that the ALSA /proc interface did not write the + correct number of bytes when reporting memory allocations. A local + attacker might be able to access sensitive kernel memory, leading to + a loss of privacy. Notes: dannf> ABI changer, was reverted from etch-security (r9547) Bugs: @@ -19,8 +23,8 @@ linux-2.6: released (2.6.22-5) 2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/proc-snd-page-alloc-mem-leak.patch] 2.6.8-sarge-security: N/A "cannot reproduce w/ ALSA in 2.6.8, alsa-driver package was affected/fixed in DSA 1505" 2.4.27-sarge-security: N/A "alsa-driver package was affected/fixed in DSA 1505" -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) +2.6.20-feisty-security: released (2.6.20-17.36) 2.6.22-gutsy-security: N/A 2.6.24-hardy-security: N/A diff --git a/active/CVE-2007-5904 b/active/CVE-2007-5904 index eb54d436..d1fe8b66 100644 --- a/active/CVE-2007-5904 +++ b/active/CVE-2007-5904 @@ -9,6 +9,9 @@ References: http://marc.info/?l=linux-kernel&m=119457447724276&w=2 http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=133672efbc1085f9af990bdc145e1822ea93bcf3 Ubuntu-Description: + Multiple buffer overflows were discovered in the handling of CIFS + filesystems. A malicious CIFS server could cause a client system crash + or possibly execute arbitrary code with kernel privileges. Notes: kees> failed mount errors: a761ac579b89bc1f00212a42401398108deba65c Bugs: 
@@ -17,8 +20,8 @@ linux-2.6: 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch5) [bugfix/cifs-better-failed-mount-errors.patch, bugfix/cifs-corrupt-server-response-overflow.patch] 2.6.8-sarge-security: ignored (2.6.8-17sarge2) "needs port if vulnerable" 2.4.27-sarge-security: N/A "No CIFS" -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) 2.6.24-hardy-security: N/A diff --git a/active/CVE-2007-6694 b/active/CVE-2007-6694 index 9cf1226d..15e09d05 100644 --- a/active/CVE-2007-6694 +++ b/active/CVE-2007-6694 @@ -8,6 +8,10 @@ Description: References: http://marc.info/?l=linux-kernel&m=119576191029571&w=2 Ubuntu-Description: + It was discovered that PowerPC kernels did not correctly handle reporting + certain system details. By requesting a specific set of information, + a local attacker could cause a system crash resulting in a denial + of service. Notes: jmm> This appears more of a regular bug with a specific piece of hw jmm> than a security problem. Do we support the chrp POWER platform? @@ -17,8 +21,8 @@ linux-2.6: 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch] 2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch] 2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff] -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) -2.6.24-hardy-security: pending (2.6.24-17.32) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) +2.6.24-hardy-security: released (2.6.24-19.34) 
diff --git a/active/CVE-2007-6712 b/active/CVE-2007-6712 index d5c07fd3..c07bae11 100644 --- a/active/CVE-2007-6712 +++ b/active/CVE-2007-6712 @@ -14,6 +14,6 @@ linux-2.6: 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/hrtimer-prevent-overrun.patch, bugfix/ktime-fix-MTIME_SEC_MAX-on-32-bit.patch] 2.6.24-etchnhalf-security: N/A 2.6.15-dapper-security: N/A -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) 2.6.24-hardy-security: N/A diff --git a/active/CVE-2008-0007 b/active/CVE-2008-0007 index 595e7522..da26c1d3 100644 --- a/active/CVE-2008-0007 +++ b/active/CVE-2008-0007 @@ -1,7 +1,13 @@ Candidate: CVE-2008-0007 Description: + Linux kernel before 2.6.22.17, when using certain drivers that register + a fault handler that does not perform range checks, allows local users + to access kernel memory via an out-of-range offset. References: Ubuntu-Description: + It was discovered that some device driver fault handlers did not + correctly verify memory ranges. A local attacker could exploit this + to access sensitive kernel memory, possibly leading to a loss of privacy. Notes: Bugs: upstream: released (2.6.24.1) @@ -10,8 +16,8 @@ linux-2.6: released (2.6.24-4) 2.6.24-etchnhalf-security: needed 2.6.8-sarge-security: released (2.6.8-17sarge1) [mmap-VM_DONTEXPAND.dpatch] 2.4.27-sarge-security: released (2.4.27-10sarge6) [264_mmap-VM_DONTEXPAND.diff] -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) 2.6.24-hardy-security: N/A diff --git a/active/CVE-2008-1294 b/active/CVE-2008-1294 index ab7b2239..773d05c9 100644 --- a/active/CVE-2008-1294 
+++ b/active/CVE-2008-1294 @@ -1,7 +1,13 @@ Candidate: CVE-2008-1294 Description: + Linux kernel 2.6.17, and other versions before 2.6.22, does not check + when a user attempts to set RLIMIT_CPU to 0 until after the change is + made, which allows local users to bypass intended resource limits. References: Ubuntu-Description: + It was discovered that CPU resource limits could be bypassed. + A malicious local user could exploit this to avoid administratively + imposed resource limits. Notes: https://launchpad.net/bugs/107209 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419706 @@ -16,8 +22,8 @@ linux-2.6: 2.6.24-etchnhalf-security: 2.6.8-sarge-security: 2.4.27-sarge-security: -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) +2.6.20-feisty-security: released (2.6.20-17.36) 2.6.22-gutsy-security: N/A 2.6.24-hardy-security: N/A diff --git a/active/CVE-2008-1375 b/active/CVE-2008-1375 index 176007e2..3cc4d4f5 100644 --- a/active/CVE-2008-1375 +++ b/active/CVE-2008-1375 @@ -4,6 +4,10 @@ Description: References: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=214b7049a7929f03bbd2786aaef04b8b79db34e2 Ubuntu-Description: + A race condition was discovered between dnotify fcntl() and close() in + the kernel. If a local attacker performed malicious dnotify requests, + they could cause memory consumption leading to a denial of service, + or possibly send arbitrary signals to any process. Notes: kees> ABI changer due to header addition? kees> http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/dnotify-race-avoid-abi-change.patch?op=file&rev=0&sc=0 
@@ -12,8 +16,8 @@ upstream: pending (2.6.26-rc1) linux-2.6: needed 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/dnotify-race.patch] 2.6.24-etchnhalf-security: needed -2.6.15-dapper-security: pending (2.6.15-51.67) +2.6.15-dapper-security: released (2.6.15-52.67) 2.6.17-edgy-security: ignored (EOL) -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) -2.6.24-hardy-security: pending (2.6.24-17.32) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) +2.6.24-hardy-security: released (2.6.24-19.34) diff --git a/active/CVE-2008-1669 b/active/CVE-2008-1669 index 057c8f30..900a997a 100644 --- a/active/CVE-2008-1669 +++ b/active/CVE-2008-1669 @@ -3,6 +3,9 @@ Description: "add rcu_read_lock() to fs/locks.c and fix fcntl store/load" References: Ubuntu-Description: + On SMP systems, a race condition existed in fcntl(). Local attackers + could perform malicious locks, causing system crashes and leading to + a denial of service. Notes: kees> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9 kees> linux-2.6.24.y: 0bbbae3bfd732f6c4d6b2a67121d77bf6b1c7f70 @@ -11,7 +14,7 @@ upstream: released (2.6.24.7, 2.6.25.2) linux-2.6: released (2.6.25-2) 2.6.18-etch-security: released (2.6.18.dfsg.1-18etch4) [bugfix/fcntl_setlk-close-race.patch] 2.6.24-etchnhalf-security: released (2.6.24-6~etchnhalf.2) [bugfix/all/stable/2.6.24.7.patch] -2.6.15-dapper-security: pending (2.6.15-51.67) -2.6.20-feisty-security: pending (2.6.20-16.36) -2.6.22-gutsy-security: pending (2.6.22-14.53) -2.6.24-hardy-security: pending (2.6.24-17.32) +2.6.15-dapper-security: released (2.6.15-52.67) +2.6.20-feisty-security: released (2.6.20-17.36) +2.6.22-gutsy-security: released (2.6.22-15.54) +2.6.24-hardy-security: released (2.6.24-19.34) diff --git a/active/CVE-2008-1675 b/active/CVE-2008-1675 index 7f44485e..0e3f1637 100644 
--- a/active/CVE-2008-1675 +++ b/active/CVE-2008-1675 @@ -4,6 +4,10 @@ References: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commitdiff;h=a30678eb8ce99a7b4c716ad41c8c10a04d731127 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commitdiff;h=f1b6098616f329d26199f278f228a7b27d36558d Ubuntu-Description: + The tehuti network driver did not correctly handle certain IO functions. + A local attacker could perform malicious requests to the driver, + potentially accessing kernel memory, leading to privilege escalation + or access to private system information. Notes: Bugs: upstream: released (2.6.24.6) @@ -13,4 +17,4 @@ linux-2.6: released (2.6.24-7) 2.6.15-dapper-security: N/A 2.6.20-feisty-security: N/A 2.6.22-gutsy-security: N/A -2.6.24-hardy-security: pending (2.6.24-17.32) +2.6.24-hardy-security: released (2.6.24-19.34) diff --git a/scripts/ubuntu-release b/scripts/ubuntu-release index cf436685..3079cb1e 100644 --- a/scripts/ubuntu-release +++ b/scripts/ubuntu-release @@ -1,7 +1,15 @@ #!/bin/bash -echo 'This is just a place holder for future scripts. View source for examples.' -exit 1 +DAPPER="$1" +FEISTY="$2" +GUTSY="$3" +HARDY="$4" -# Examples: -#../scripts/ubuntu-usn-desc $(egrep '^2.6.20-feisty-security: pending' CVE* | cut -d: -f1) -#perl -pi -e 's/^2.6.20-feisty-security: pending \(2\.6\.20-16\.30\)/2.6.20-feisty-security: released (2.6.20-16.31)/' CVE* +if [ -z "$DAPPER" ] || [ -z "$FEISTY" ] || [ -z "$GUTSY" ] || [ -z "$HARDY" ]; then + echo "Usage: $0 DAPPER FEISTY GUTSY HARDY" >&2 + exit 1 +fi + +perl -pi -e 's/^2.6.15-dapper-security: pending.*/2.6.15-dapper-security: released ('"$DAPPER"')/' CVE* +perl -pi -e 's/^2.6.20-feisty-security: pending.*/2.6.20-feisty-security: released ('"$FEISTY"')/' CVE* +perl -pi -e 's/^2.6.22-gutsy-security: pending.*/2.6.22-gutsy-security: released ('"$GUTSY"')/' CVE* +perl -pi -e 's/^2.6.24-hardy-security: pending.*/2.6.24-hardy-security: released ('"$HARDY"')/' CVE* |
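Review bot: the Ubuntu-Description added in the first hunk of active/CVE-2007-6694 says "PowerPC kernels" without qualification, while the Notes ("a specific piece of hw", "the chrp POWER platform") and every patch name in the file (powerpc-chrp-null-deref) tie the issue to CHRP. Naming the CHRP platform in the description would let readers of the advisory tell which hardware it applies to.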
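Review bot: References: in active/CVE-2008-0007 is still empty after the first hunk fills in the Description. The file already records the fix name (mmap-VM_DONTEXPAND) and the upstream release (2.6.24.1), so a link to the upstream commit or advisory belongs under References: for anyone verifying the backports.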
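Review bot: the four perl substitutions in scripts/ubuntu-release match "pending.*", so any CVE file with a pending line for that release is flipped to released with the new version, whatever pending version it recorded, including an entry queued for a different upload than the one being announced. Taking the expected pending version as a second argument per release, or listing the files that will change and asking for confirmation, would keep an unfixed issue from being marked released in the tracker. Separately, "$DAPPER" and the other arguments are spliced into the Perl program text, so a value containing "/" changes the substitution itself; exporting the value and using $ENV{...} in the replacement avoids that. The script also relies on being run from the directory that holds the CVE* files and should check for it or cd there.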