more CVE texts

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1349 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 74 insertions, 1 deletions

diff --git a/dsa-texts/2.6.24-6~etchnhalf.8etch1 b/dsa-texts/2.6.24-6~etchnhalf.8etch1
index 02cb9f6a..fd845bc4 100644
--- a/dsa-texts/2.6.24-6~etchnhalf.8etch1
+++ b/dsa-texts/2.6.24-6~etchnhalf.8etch1
@@ -21,6 +21,11 @@ Vulnerabilities and Exposures project identifies the following
 problems:
 
 CVE-2008-4307
+
+    Bryn M. Reeves reported a denial of service in the NFS filesystem.
+    Local users can trigger a kernel BUG() due to a race condition
+    in the do_setlk function.
+
 CVE-2008-5079
 
     Hugo Dias reported a DoS condition in the ATM subsystem that can
@@ -28,10 +33,34 @@ CVE-2008-5079
     twice on the same socket and reading /proc/net/atm/*vc.
 
 CVE-2008-5395
+
+    Helge Deller discovered a denial of service condition that allows
+    local users on PA-RISC systems to crash a system by attempting
+    to unwind a stack contiaining userspace addresses.
+
 CVE-2008-5700
+
+    Alan Cox discovered a lack of minimum timeouts on SG_IO requests,
+    which allows local users of systems using ATA to cause a denial
+    of service by forcing drives into PIO mode.
+    
 CVE-2008-5701
+
+    Vlad Malov reported an issue on 64-bit MIPS systems where a local user
+    could cause a system crash by crafing a malicious binary which makes
+    o32 syscalls with a number less than 4000.
+
 CVE-2008-5702
+
+    Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog
+    driver which allows local users to cause a buffer underflow by making
+    a specially crafted WDIOC_SETTIMEOUT ioctl call.
+
 CVE-2009-0028
+
+    Chris Evans discovered a situation in which a child process can send
+    an arbitrary signal to its parent.
+
 CVE-2009-0029
 
     Christian Borntraeger discovered an issue effecting the alpha,
@@ -69,7 +98,7 @@ CVE-2009-0675
 
 CVE-2009-0676
 
-    Clément LECIGNE discovered a bug in the sock_getsockopt function
+    Clement LECIGNE discovered a bug in the sock_getsockopt function
     that may result in leaking sensitive kernel memory.
 
 CVE-2009-0745
@@ -79,15 +108,59 @@ CVE-2009-0745
     during a resize operation.
 
 CVE-2009-0834
+
+    Roland McGrath discovered an issue on amd64 kernels that allows local
+    users to circumvent system call audit configurations which filter
+    based on the syscall numbers or argument details.
+
 CVE-2009-0859
+
+    Jiri Olsa discovered that a local user can cause a denial of service
+    (system hang) using a SHM_INFO shmctl call on kernels compiled with
+    CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian
+    kernels.
+
 CVE-2009-1046
+
+    Mikulas Patocka reported an issue in the console subsystem that allows
+    a local user to cause memory corruption by selecting a small number of
+    3-byte UTF-8 characters.
+
 CVE-2009-1192
+
+    Shaohua Li reported an issue in the AGP subsystem they may allow local
+    users to read sensitive kernel memory due to a leak of uninitialized
+    memory.
+
 CVE-2009-1242
+
+    Benjamin Gilbert reported a local denial of service vulnerability in the
+    KVM VMX implementation that allows local users to trigger an oops.
+
 CVE-2009-1265
+
+    Thomas Pollet reported an overflow in the af_rose implementation that
+    allows remote attackers to retrieve uninitialized kernel memory that
+    may contain sensitive data.
+
 CVE-2009-1337
+
+    Oleg Nesterov discovered an issue in the exit_notify function that allows
+    local users to send an arbitrary signal to a process by running a program
+    that modifies the exit_signal field and then uses an exec system call to
+    launch a setuid application. 
+
 CVE-2009-1338
+
+    Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach
+    processes outside of the current process namespace.
+   
 CVE-2009-1439
 
+    Pavan Naregundi reported an issue in the CIFS filesystem code that
+    allows remote users to overwrite memory via a long nativeFileSystem
+    field in a Tree Connect response during mount.
+
 For the stable distribution (etch), these problems have been fixed in
 version 2.6.24-6~etchnhalf.8etch1.