retire more issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1530 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 25 insertions, 0 deletions

diff --git a/retired/CVE-2008-6107 b/retired/CVE-2008-6107
new file mode 100644
index 00000000..3c9eee54
--- /dev/null
+++ b/retired/CVE-2008-6107
@@ -0,0 +1,25 @@
+Candidate: CVE-2008-6107
+Description:
+ The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the
+ (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the
+ (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in
+ the Linux kernel before 2.6.25.4, omit some virtual-address range (aka
+ span) checks when the mremap MREMAP_FIXED bit is not set, which allows
+ local users to cause a denial of service (panic) via unspecified mremap
+ calls, a related issue to CVE-2008-2137. 
+References:
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4 
+ http://marc.info/?l=linux-kernel&m=121071103304610&w=2
+ 94d149c34cda933ff5096aca94bb23bf68602f4e
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.25.4, 2.6.26)
+linux-2.6: released (2.6.25-4)
+2.6.18-etch-security: released (2.6.18.dfsg.1-18etch5) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.3) [bugfix/sparc-fix-mremap-addr-range-validation.patch]
+2.6.26-lenny-security: N/A
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security: