add CVE references

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1278 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 74 insertions, 6 deletions

diff --git a/dsa-texts/2.6.18.dfsg.1-23etch1 b/dsa-texts/2.6.18.dfsg.1-23etch1
index 6e647dd0..74accfc9 100644
--- a/dsa-texts/2.6.18.dfsg.1-23etch1
+++ b/dsa-texts/2.6.18.dfsg.1-23etch1
@@ -1,27 +1,95 @@
 ----------------------------------------------------------------------
 Debian Security Advisory DSA-XXXX-1                security@debian.org
 http://www.debian.org/security/                           dann frazier
-Dec 13, 2008                        http://www.debian.org/security/faq
+Dec 14, 2008                        http://www.debian.org/security/faq
 ----------------------------------------------------------------------
 
 Package        : linux-2.6
 Vulnerability  : denial of service/privilege escalation
 Problem type   : local/remote
 Debian-specific: no
-CVE Id(s)      : CVE-XXXX-XXXX
+CVE Id(s)      : CVE-2008-3527 CVE-2008-3528 CVE-2008-4554 CVE-2008-4576
+                 CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
+                 CVE-2008-5079 CVE_2008-5182 CVE-2008-5300
 
 Several vulnerabilities have been discovered in the Linux kernel that
 may lead to a denial of service or privilege escalation. The Common
 Vulnerabilities and Exposures project identifies the following
 problems:
 
-CVE-XXXX-XXXX
+CVE-2008-3527
 
-    XXXX
+    Tavis Ormandy reported a local DoS and potential privilege escalation
+    in the Virtual Dynamic Shared Objects (vDSO) implementation.
 
-CVE-XXXX-XXX
+CVE-2008-3528
 
-    XXXX
+    Eugene Teo reported a local DoS issue in the ext2 and ext3
+    filesystems.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that causes the kernel to output error messages in an
+    infinite loop.
+
+CVE-2008-4554
+
+    Milos Szeredi reported that the usage of splice() on files opened
+    with O_APPEND allows users to write to the file at arbitrary
+    offsets, enabling a bypass of possible assumed semantics of the
+    O_APPEND flag.
+
+CVE-2008-4576
+
+    Vlad Yasevich reported an issue in the SCTP subsystem that may
+    allow remote users to cause a local DoS by triggering a kernel
+    oops.
+
+CVE-2008-4933
+
+    Eric Sesterhenn reported a local DoS issue in the hfsplus
+    filesystem.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that causes the kernel to overrun a buffer, resulting
+    in a system oops or memory corruption.
+
+CVE-2008-4934
+
+    Eric Sesterhenn reported a local DoS issue in the hfsplus
+    filesystem.  Local users who have been granted the privileges
+    necessary to mount a filesystem would be able to craft a corrupted
+    filesystem that results in a kernel oops due to an unchecked
+    return value.
+
+CVE-2008-5025
+
+    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.
+    Local users who have been granted the privileges necessary to
+    mount a filesystem would be able to craft a filesystem with a
+    corrupted catalog name length, resulting in a system oops or
+    memory corruption.
+
+CVE-2008-5029
+
+    Andrea Bittau reported a DoS issue in the unix socket subsystem
+    that allows a local user to cause memory corruption, resulting in
+    a kernel panic.
+
+CVE-2008-5079
+
+    Hugo Dias reported a DoS condition in the ATM subsystem
+    that can be triggered by a local user by calling the svc_listen
+    function twice on the same socket and reading /proc/net/atm/*vc.
+
+CVE_2008-5182
+
+    Al Viro reported race conditions in the inotify subsystem that may
+    allow local users to acquire elevated privileges.
+
+CVE-2008-5300
+
+    Dann Frazier reported a DoS condition that allows local users to
+    cause the out of memory handler to kill off privileged processes
+    or trigger soft lockups due to a starvation issue in the unix
+    socket subsystem.
 
 For the stable distribution (etch), this problem has been fixed in
 version 2.6.18.dfsg.1-23etch1.