author Kees Cook <kees@outflux.net> 2007-07-18 22:56:01 +0000
committer Kees Cook <kees@outflux.net> 2007-07-18 22:56:01 +0000
commit 98178c32510e0e50772d0fe66f33db001cb072be (patch)
tree 191de07ce183d6e2d135b737cd606df73664c74f
parent 55bd92e8dfd15c31e6c677e94846e2900e59fbc9 (diff)
updating ubuntu releases, adding missing descriptions
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@899 e094ebfe-e918-0410-adfb-c712417f3574
-rw-r--r-- active/CVE-2006-7203 6
-rw-r--r-- active/CVE-2007-0005 2
-rw-r--r-- active/CVE-2007-1000 2
-rw-r--r-- active/CVE-2007-1353 2
-rw-r--r-- active/CVE-2007-1861 8
-rw-r--r-- active/CVE-2007-2242 2
-rw-r--r-- active/CVE-2007-2453 7
-rw-r--r-- active/CVE-2007-2525 5
-rw-r--r-- active/CVE-2007-2875 9
-rw-r--r-- active/CVE-2007-2876 10
-rw-r--r-- active/CVE-2007-2878 5
-rwxr-xr-x scripts/ubuntu-table 2
12 files changed, 47 insertions, 13 deletions
diff --git a/active/CVE-2006-7203 b/active/CVE-2006-7203
index 080ab1b7..af249f7a 100644
--- a/active/CVE-2006-7203
+++ b/active/CVE-2006-7203
@@ -6,9 +6,11 @@ Description:
and earlier allows local users to cause a denial of service (NULL
pointer dereference and oops) by mounting a smbfs file system in
compatibility mode ("mount -t smbfs").
- jmm> Vulnerable code not present in 2.4.27
Ubuntu-Description:
+ The compat_sys_mount function allowed local users to cause a denial of
+ service when mounting a smbfs filesystem in compatibility mode.
Notes:
+ jmm> Vulnerable code not present in 2.4.27
Bugs:
upstream: released (2.6.20, 2.6.18.6)
linux-2.6: released (2.6.20-1)
@@ -16,5 +18,5 @@ linux-2.6: released (2.6.20-1)
2.6.8-sarge-security: pending (2.6.8-17sarge1) [compat_sys_mount-NULL-data_page.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [b47f37617947e31bb19441e18714683e4ec86820]
2.6.20-feisty-security: N/A
diff --git a/active/CVE-2007-0005 b/active/CVE-2007-0005
index de55adfe..f3d8f6ff 100644
--- a/active/CVE-2007-0005
+++ b/active/CVE-2007-0005
@@ -16,5 +16,5 @@ linux-2.6: released (2.6.20-1) [2.6.20.2]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [059819a41d4331316dd8ddcf977a24ab338f4300]
2.6.20-feisty-security: N/A
diff --git a/active/CVE-2007-1000 b/active/CVE-2007-1000
index c8ce5986..99e9022b 100644
--- a/active/CVE-2007-1000
+++ b/active/CVE-2007-1000
@@ -16,5 +16,5 @@ linux-2.6: released (2.6.20-1)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
2.6.20-feisty-security: N/A
diff --git a/active/CVE-2007-1353 b/active/CVE-2007-1353
index 5dfc718a..77d38479 100644
--- a/active/CVE-2007-1353
+++ b/active/CVE-2007-1353
@@ -22,5 +22,5 @@ linux-2.6:
2.6.8-sarge-security:
2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
2.6.20-feisty-security: released (2.6.20-16.29)
diff --git a/active/CVE-2007-1861 b/active/CVE-2007-1861
index 65173ea8..3dfded1f 100644
--- a/active/CVE-2007-1861
+++ b/active/CVE-2007-1861
@@ -3,7 +3,13 @@ References:
Subject: [PATCH] infinite recursion in netlink
Message-ID: <20070425183856.GA6028@ms2.inr.ac.ru>
Description:
+ The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before
+ 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via
+ NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack
+ overflow.
Ubuntu-Description:
+ A flaw was discovered in the handling of netlink messages. Local attackers
+ could cause infinite recursion leading to a denial of service.
Notes:
jmm> Introduced in 2.6.13
Bugs:
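Review bot: The two added descriptions disagree on who can trigger this: the Description says "allows attackers" with no locality, while the Ubuntu-Description says "Local attackers". If the netlink path is only reachable locally, state that in both fields; otherwise drop "Local" from the Ubuntu text. The Ubuntu-Description also omits the kernel panic that the Description names as the outcome, which is the detail someone triaging the advisory would look for.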
@@ -14,5 +20,5 @@ linux-2.6: released (2.6.21-1)
2.4.27-sarge-security: N/A
2.6.12-breezy-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [a0819ea9cc4116f4d127c4e015ce146109be1f4b]
2.6.20-feisty-security: N/A
diff --git a/active/CVE-2007-2242 b/active/CVE-2007-2242
index 7dc200f1..3776ae0d 100644
--- a/active/CVE-2007-2242
+++ b/active/CVE-2007-2242
@@ -26,5 +26,5 @@ linux-2.6:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security: deferred (2.6.15-29.57)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
2.6.20-feisty-security: released (2.6.20-16.28)
diff --git a/active/CVE-2007-2453 b/active/CVE-2007-2453
index 2de3a77f..82ebf2d9 100644
--- a/active/CVE-2007-2453
+++ b/active/CVE-2007-2453
@@ -4,6 +4,11 @@ References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=602b6aeefe8932dd8bb15014e8fe6bb25d736361
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
+ The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x
+ before 2.6.21.4, (1) does not properly seed pools when there is no entropy,
+ or (2) uses an incorrect cast when extracting entropy, which might cause the
+ random number generator to provide the same values after reboots on systems
+ without an entropy source.
Ubuntu-Description:
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
@@ -17,5 +22,5 @@ linux-2.6: released (2.6.21-5)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security: pending (2.6.15-28.57)
-2.6.17-edgy-security: pending (2.6.17.1-11.39)
+2.6.17-edgy-security: released (2.6.17.1-11.39)
2.6.20-feisty-security: released (2.6.20-16.29)
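Review bot: The 2.6.17-edgy-security line is flipped to "released" with no bracketed commit id, unlike the edgy lines in the other files touched by this commit, which all carry one after the version. Add the id of the edgy fix here so the released status can be traced to the change that closed it.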
diff --git a/active/CVE-2007-2525 b/active/CVE-2007-2525
index 8ddd0799..4319708a 100644
--- a/active/CVE-2007-2525
+++ b/active/CVE-2007-2525
@@ -6,6 +6,9 @@ Description:
service (memory consumption) by creating a socket using connect, and
releasing it before the PPPIOCGCHAN ioctl is initialized.
Ubuntu-Description:
+ A flaw was discovered in the PPP over Ethernet implementation. Local
+ attackers could manipulate ioctls and cause kernel memory consumption
+ leading to a denial of service.
Notes:
jmm> 202a03acf9994076055df40ae093a5c5474ad0bd
Bugs:
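Review bot: The added Ubuntu-Description says attackers "could manipulate ioctls", but the Description context just above it gives the trigger as creating a socket with connect and releasing it before the PPPIOCGCHAN ioctl is initialized. Reword the Ubuntu text around the socket release so the two fields describe the same condition, for example "could create and release sockets in a way that leaks kernel memory".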
@@ -15,5 +18,5 @@ linux-2.6: released (2.6.21-1)
2.6.8-sarge-security: pending (2.6.8-17sarge1) [pppoe-socket-release-mem-leak.dpatch]
2.4.27-sarge-security: needed
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [123623f9ad4d9bbe55c03b33ce79123e948b107f]
2.6.20-feisty-security: pending (2.6.20-16.29) [168038c2da7f984a07fd169270b2cac561e1c90c]
diff --git a/active/CVE-2007-2875 b/active/CVE-2007-2875
index e0ff093c..17bfbfa2 100644
--- a/active/CVE-2007-2875
+++ b/active/CVE-2007-2875
@@ -3,7 +3,14 @@ References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=85badbdf5120d246ce2bb3f1a7689a805f9c9006
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
+ Integer underflow in the cpuset_tasks_read function in the Linux kernel
+ before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem
+ is mounted, allows local users to obtain kernel memory contents by using a
+ large offset when reading the /dev/cpuset/tasks file.
Ubuntu-Description:
+ An integer underflow was discovered in the cpuset filesystem. If mounted,
+ local attackers could obtain kernel memory using large file offsets while
+ reading the tasks file. This could disclose sensitive data.
Notes:
Use simple_read_from_buffer to avoid possible underflow in
cpuset_tasks_read which could allow user to read kernel memory.
@@ -14,5 +21,5 @@ linux-2.6: released (2.6.21-5)
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
2.6.20-feisty-security: pending (2.6.20-16.29) [b07fd0532409fb2332562abc2254376222d1e913]
diff --git a/active/CVE-2007-2876 b/active/CVE-2007-2876
index 4f69d243..4dcedabc 100644
--- a/active/CVE-2007-2876
+++ b/active/CVE-2007-2876
@@ -2,7 +2,15 @@ Candidate: CVE-2007-2876
References:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
+ The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2)
+ nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13,
+ and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of
+ service by causing certain invalid states that trigger a NULL pointer
+ dereference.
Ubuntu-Description:
+ Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
+ validate certain states. A remote attacker could send a specially crafted
+ packet causing a denial of service.
Notes:
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference in
@@ -14,5 +22,5 @@ linux-2.6: released (2.6.21-5)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
2.6.20-feisty-security: pending (2.6.20-16.29) [b72e4ea43b03b980f6818a10050f2d65d347f36c]
diff --git a/active/CVE-2007-2878 b/active/CVE-2007-2878
index e9cfb2e3..eaad22e6 100644
--- a/active/CVE-2007-2878
+++ b/active/CVE-2007-2878
@@ -6,6 +6,9 @@ Description:
on a 64-bit system, allow local users to corrupt a kernel_dirent struct
and cause a denial of service (system crash) via unknown vectors.
Ubuntu-Description:
+ Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
+ systems. A local attacker could corrupt a kernel_dirent struct and cause
+ a denial of service.
Notes:
dannf> reproduced in etch using reproducer provided in the changeset
dannf> backporting the fix only proved hazardous as there was some recent
@@ -20,5 +23,5 @@ linux-2.6: released (2.6.21-3)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: pending (2.6.15-28.56)
-2.6.17-edgy-security: pending (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
+2.6.17-edgy-security: released (2.6.17.1-11.39) [6dbbec837f43196339b1638dc799d898fcba9302]
2.6.20-feisty-security: pending (2.6.20-16.29) [5825ab378271ac6ead26504a46b0d404b63592dc]
diff --git a/scripts/ubuntu-table b/scripts/ubuntu-table
index 7a6d6fa7..884e348a 100755
--- a/scripts/ubuntu-table
+++ b/scripts/ubuntu-table
@@ -30,7 +30,7 @@ for cve in cves:
for rel in releases:
if table[cve][rel] != 'N/A' and table[cve][rel] != 'released' and table[cve][rel] != '-unlisted-':
ignore = 0
- if table[cve][rel] == 'needed':
+ if table[cve][rel] == 'needed' or table[cve][rel] == 'deferred':
needed = 1
if table[cve][rel] == 'released':
released = 1
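Review bot: The changed condition makes 'deferred' set needed = 1, which changes what the generated table reports, yet the commit message only mentions updating releases and adding descriptions. Mention the script change in the message or split it into its own commit. The condition would also read more clearly as table[cve][rel] in ('needed', 'deferred'), with a short comment saying why a deferred fix is counted as still needed.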
