diff options
| author | dann frazier <dannf@debian.org> | 2006-08-17 00:24:25 +0000 |
|---|---|---|
| committer | dann frazier <dannf@debian.org> | 2006-08-17 00:24:25 +0000 |
| commit | f3581ec9b2d48c6103c22fecb46f713217d834e8 (patch) | |
| tree | 16359328df8385089d75b771a15c849bc9d052ea /retired/CVE-2003-0984 | |
| parent | fcaf6d1f99829e04e46b5eb27e1aac3451308455 (diff) | |
move retired to the top level hierarchy so people can easily checkout just the active issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2003-0984')
| -rw-r--r-- | retired/CVE-2003-0984 | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/retired/CVE-2003-0984 b/retired/CVE-2003-0984 new file mode 100644 index 00000000..73760da7 --- /dev/null +++ b/retired/CVE-2003-0984 @@ -0,0 +1,46 @@ +Candidate: CVE-2003-0984 +References: + SUSE:SuSE-SA:2003:049 + URL:http://www.novell.com/linux/security/advisories/2003_049_kernel.html + CONECTIVA:CLA-2004:799 + URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799 + ENGARDE:ESA-20040105-001 + URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html + REDHAT:RHSA-2003:417 + URL:http://www.redhat.com/support/errata/RHSA-2003-417.html + REDHAT:RHSA-2004:188 + URL:http://www.redhat.com/support/errata/RHSA-2004-188.html + MANDRAKE:MDKSA-2004:001 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001 + BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001 + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 + XF:linux-rtc-memory-leak(13943) + URL:http://xforce.iss.net/xforce/xfdb/13943 + OVAL:OVAL1013 + URL:http://oval.mitre.org/oval/definitions/data/oval1013.html + OVAL:OVAL859 + URL:http://oval.mitre.org/oval/definitions/data/oval859.html +Description: + Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not + properly initialize their structures, which could leak kernel data to user + space. +Notes: + backport from dilinger; though it isn't quite what appears to have gone + upstream: + http://linux.bkbits.net:8080/linux-2.4/cset@3fd7827aNFUTifwp7_u4babSUA8Bkg?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c + http://linux.bkbits.net:8080/linux-2.4/cset@3ff8697bFIYfsvIbsqw27h6C_rbCEA?nav=index.html|src/|src/drivers|src/drivers/sbus|src/drivers/sbus/char|related/drivers/sbus/char/rtc.c + jmm> This was fixed upstream in 2.4.24-rc1: + jmm> | <trini:mvista.com>: + jmm> | o /dev/rtc can leak parts of kernel memory to unpriviledged users +Bugs: +upstream: released (2.4.24-rc1, 2.6.2) +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) |