retire more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1530 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 24 insertions, 0 deletions

diff --git a/retired/CVE-2008-5029 b/retired/CVE-2008-5029
new file mode 100644
index 00000000..043cf3ab
--- /dev/null
+++ b/retired/CVE-2008-5029
@@ -0,0 +1,24 @@
+Candidate: CVE-2008-5029
+Description:
+ The __scm_destroy function in net/core/scm.c in the Linux kernel
+ 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself
+ through calls to the fput function, which allows local users to cause
+ a denial of service (panic) via vectors related to sending an
+ SCM_RIGHTS message through a UNIX domain socket and closing file
+ descriptors.
+References:
+ http://marc.info/?l=linux-netdev&m=122593044330973&w=2
+ http://www.openwall.com/lists/oss-security/2008/11/06/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=470201
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.26.8)
+linux-2.6: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-23etch1) [bugfix/af_unix-fix-garbage-collector-races.patch, bugfix/af_unix-convert-socks-to-unix_socks.patch, bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch, bugfix/net-fix-recursive-descent-in-__scm_destroy.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.7) [bugfix/unix-domain-counting-gc.patch, bugfix/unix-domain-recursive-descent.patch, bugfix/unix-domain-recursive-descent-abi-ignore.patch]
+2.6.26-lenny-security: released (2.6.26-11) [bugfix/all/stable/2.6.26.8.patch]
+2.6.15-dapper-security: needed
+2.6.22-gutsy-security: needed
+2.6.24-hardy-security: needed
+2.6.27-intrepid-security: needed