author Moritz Muehlenhoff <jmm@debian.org> 2011-11-08 09:10:51 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2011-11-08 09:10:51 +0000
commit 2139ae806ed3c8a5f26253579e4b15447b907e10 (patch)
tree 4922ae6d9932b48624cfa494a4266afc382fa68b /retired
parent f8525c88099df81c721f35e1c4f83f6149bc3f26 (diff)
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2541 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2010-4249 42
-rw-r--r-- retired/CVE-2011-2491 9
-rw-r--r-- retired/CVE-2011-2492 10
-rw-r--r-- retired/CVE-2011-2496 13
-rw-r--r-- retired/CVE-2011-2517 10
-rw-r--r-- retired/CVE-2011-2525 9
-rw-r--r-- retired/CVE-2011-3191 11
7 files changed, 104 insertions, 0 deletions
diff --git a/retired/CVE-2010-4249 b/retired/CVE-2010-4249
new file mode 100644
index 00000000..162465c1
--- /dev/null
+++ b/retired/CVE-2010-4249
@@ -0,0 +1,42 @@
+Candidate: CVE-2010-4249
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b
+ http://thread.gmane.org/gmane.linux.network/179049/focus=179051
+ http://www.spinics.net/lists/netdev/msg147946.html
+ > From Eugene Teo:
+ > Reproducer: http://lkml.org/lkml/2010/11/23/395
+ > Partial fix: http://lkml.org/lkml/2010/11/23/450
+ > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756
+Notes:
+ Note from Neil Horman in the RH bugtracker:
+ Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution.
+ We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next.
+ .
+ jmm> Looks like the following commits are needed from Linus git?
+ jmm> 25888e30319f8896fc656fc68643e6a078263060
+ jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b
+ jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next)
+ dannf> fyi, i have the last two queued up in my tree; it has an
+ dannf> abi change which i need to address properly before commit.
+ dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in
+ dannf> http://lkml.org/lkml/2010/11/23/395.
+ dannf> The reproducer associated with 25888e303
+ dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has
+ dannf> different symptoms (unkillable process vs. OOM) - perhaps it should
+ dannf> have a different CVE?
+ dannf>
+ dannf> I've added CVE-2010-af_unix-recursion to track that issue.
+ jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47
+Bugs:
+upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
+2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch]
+
+
+
+
+
+
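Review bot: The status lines disagree with the Notes about the recursion fix. The upstream line lists 25888e30319f8896fc656fc68643e6a078263060 and the squeeze-security line lists bugfix/all/af_unix-limit-recursion-level.patch, yet dannf's note says that issue is tracked separately as CVE-2010-af_unix-recursion, and the sid and lenny-security lines carry no recursion patch. Before retiring, either drop the recursion fix from this file or add a closing note saying it is intentionally covered here, so a reader can tell whether sid and lenny are complete. Smaller points: Description: is empty, "Note that9915672d..." is missing a space, and the six trailing blank lines can be trimmed.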
diff --git a/retired/CVE-2011-2491 b/retired/CVE-2011-2491
new file mode 100644
index 00000000..0b803290
--- /dev/null
+++ b/retired/CVE-2011-2491
@@ -0,0 +1,9 @@
+Description: NLM: Don't hang forever on NLM unlock requests
+References:
+Notes:
+Bugs:
+upstream: released (3.0-rc5) [0b760113a3a155269a3fba93a409c640031dd68f]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-1)
+2.6.26-lenny-security: released (2.6.26-24lenny4) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch]
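Review bot: The 2.6.26-lenny-security line gives 2.6.26-24lenny4, while every other file in this commit that records a lenny fix uses a 2.6.26-26lennyN version; please confirm this is the intended upload and not a typo for 2.6.26-26lenny4, since a wrong version here makes the tracker report the fix in the wrong release. References: and Notes: are empty; a link to the upstream commit 0b760113a3a155269a3fba93a409c640031dd68f would be enough.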
diff --git a/retired/CVE-2011-2492 b/retired/CVE-2011-2492
new file mode 100644
index 00000000..478ec9f3
--- /dev/null
+++ b/retired/CVE-2011-2492
@@ -0,0 +1,10 @@
+Description: bluetooth leaks to userspace
+References:
+ http://permalink.gmane.org/gmane.linux.bluez.kernel/12909
+Notes:
+Bugs:
+upstream: released (3.0-rc4) [8d03e971cf403305217b8e62db3a2e5ad2d6263f]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/CVE-2011-2492.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch]
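Review bot: The Description "bluetooth leaks to userspace" is vaguer than the squeeze patch name, which already says this is a 1-byte infoleak in l2cap and rfcomm; suggest carrying that wording into Description: so the file is searchable by subsystem. The same fix is also recorded under two different patch names (bugfix/all/CVE-2011-2492.patch for lenny, the descriptive name for squeeze); a Notes: line stating both are backports of 8d03e971cf403305217b8e62db3a2e5ad2d6263f would remove the ambiguity.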
diff --git a/retired/CVE-2011-2496 b/retired/CVE-2011-2496
new file mode 100644
index 00000000..db165ce8
--- /dev/null
+++ b/retired/CVE-2011-2496
@@ -0,0 +1,13 @@
+Description: CVE-2011-2496
+References:
+ http://www.spinics.net/lists/stable-commits/msg11385.html
+ http://www.spinics.net/lists/linux-mm/msg17093.html
+ http://groups.google.com/group/fa.linux.kernel/msg/9e43ab898c5e6d16
+Notes:
+ jmm> Only 9821 was merged in 2.6.32.37, the other two only added in 2.6.32.47
+Bugs:
+upstream: released (2.6.39) [982134ba62618c2d69fbbbd166d0a11ee3b7e3d8, a626ca6a656450e9f4df91d0dda238fff23285f4, 42c36f63ac1366ab0ecc2d5717821362c259f517]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.39-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/mm-avoid-wrapping-vm_pgoff-in-mremap.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/stable/2.6.32.37.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch, bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch]
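Review bot: In the jmm> note, "Only 9821 was merged in 2.6.32.37" abbreviates a commit to four hex digits, and "the other two" are not named; please spell it as 982134ba and list a626ca6a and 42c36f63 explicitly so the note still resolves if the upstream list is ever reordered. The Description: only repeats the CVE id; the patch names (vm_pgoff wrap in mremap and in stack/upward expansion) give enough to write a one-line summary.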
diff --git a/retired/CVE-2011-2517 b/retired/CVE-2011-2517
new file mode 100644
index 00000000..82c78526
--- /dev/null
+++ b/retired/CVE-2011-2517
@@ -0,0 +1,10 @@
+Description: nl80211: missing check for valid SSID size in scan operations
+References:
+Notes:
+ jmm> Requires CAP_NET_ADMIN
+Bugs:
+upstream: released (3.0-rc3) [208c72f4fe44fe09577e7975ba0e7fa0278f3d03 , 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.39-3)
+2.6.26-lenny-security: N/A "Introduced in 2.6.29"
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/nl80211-fix-check-for-valid-SSID-size-in-scan-operations.patch, bugfix/all/nl80211-fix-overflow-in-ssid_len.patch]
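Review bot: The upstream line has a stray space before the comma in "[208c72f4fe44fe09577e7975ba0e7fa0278f3d03 , 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536]", unlike the ", " separator used in the other files; tidy it so any script splitting the commit list does not pick up a hash with trailing whitespace. It would also help to say in Notes: which of the two commits introduced the "Introduced in 2.6.29" code path that makes lenny N/A, since the reason is currently only a quoted string on the status line.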
diff --git a/retired/CVE-2011-2525 b/retired/CVE-2011-2525
new file mode 100644
index 00000000..cf5d4ff9
--- /dev/null
+++ b/retired/CVE-2011-2525
@@ -0,0 +1,9 @@
+Description: net_sched: fix qdisc_notify()
+References:
+Notes:
+Bugs:
+upstream: released (2.6.35) [53b0f08042f04813cd1a7473dacd3edfacb28eb3]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (2.6.35-1)
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/net_sched-Fix-qdisc_notify.patch]
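Review bot: This file has no Candidate: line, unlike retired/CVE-2010-4249 in the same commit, and Description: is just the upstream commit subject "net_sched: fix qdisc_notify()", which does not say what the flaw or its impact is. Suggest adding "Candidate: CVE-2011-2525" and a one-line description of the defect, plus at least one entry under References:, which is empty here.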
diff --git a/retired/CVE-2011-3191 b/retired/CVE-2011-3191
new file mode 100644
index 00000000..59145cf5
--- /dev/null
+++ b/retired/CVE-2011-3191
@@ -0,0 +1,11 @@
+Description: cifs: signedness issue in CIFSFindNext()
+References:
+ http://www.spinics.net/lists/linux-cifs/msg03950.html
+ https://bugzilla.redhat.com/show_bug.cgi?id=732869
+Notes:
+Bugs:
+upstream: released (3.1-rc7) [9438fabb73eb48055b58b89fc51e0bc4db22fabd]
+2.6.32-upstream-stable: released (2.6.32.47)
+sid: released (3.0.0-5) [bugfix/all/stable/3.0.5.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny4) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
+2.6.32-squeeze-security: released (2.6.32-35squeeze1) [bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch]
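Review bot: The sid line points at the rollup bugfix/all/stable/3.0.5.patch while upstream is recorded as fixed in 3.1-rc7 by 9438fabb73eb48055b58b89fc51e0bc4db22fabd, and Notes: is empty, so nothing in the file ties the rollup to that commit. A short note stating that 3.0.5 carries the backport (as the jmm> note does for the stable merges in retired/CVE-2011-2496) would let a later reader verify the sid status without opening the rollup.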
