retire more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1142 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 31 insertions, 0 deletions

diff --git a/retired/CVE-2007-3739 b/retired/CVE-2007-3739
new file mode 100644
index 00000000..e06a758f
--- /dev/null
+++ b/retired/CVE-2007-3739
@@ -0,0 +1,31 @@
+Candidate: CVE-2007-3739
+References: 
+ MLIST:[lkml] 20070129 [PATCH] Don't allow the stack to grow into hugetlb reserved regions
+ URL:http://lkml.org/lkml/2007/1/29/180
+ MISC:https://bugzilla.redhat.com/show_bug.cgi?id=253313
+ REDHAT:RHSA-2007:0705
+ URL:http://www.redhat.com/support/errata/RHSA-2007-0705.html
+ SECUNIA:26760
+ URL:http://secunia.com/advisories/26760
+ XF:kernel-stack-expansion-dos(36592)
+ URL:http://xforce.iss.net/xforce/xfdb/36592 
+Description: 
+ mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does
+ not prevent stack expansion from entering into reserved kernel page
+ memory, which allows local users to cause a denial of service (OOPS)
+ via unspecified vectors.
+Ubuntu-Description: 
+ It was discovered that hugetlb kernels on PowerPC systems did not prevent
+ the stack from colliding with reserved kernel memory.  Local attackers
+ could exploit this and crash the system, causing a denial of service.
+Notes: 
+ jmm> 68589bc353037f233fe510ad9ff432338c95db66
+Bugs: 
+upstream: released (2.6.20)
+linux-2.6: released (2.6.20)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/prevent-stack-growth-into-hugetlb-region.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge1) [prevent-stack-growth-into-hugetlb-region.dpatch]
+2.4.27-sarge-security: N/A "files/functions non-existant in 2.4"
+2.6.15-dapper-security: released (2.6.15-29.59)
+2.6.17-edgy-security: released (2.6.17.1-12.41 ae30f170a8c2988179b2b34c7e562f57eb0556bc)
+2.6.20-feisty-security: released (2.6.20-16.32 e84eef7bd84cb46ae573e21d4047fa2a65072294)