retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2762 e094ebfe-e918-0410-adfb-c712417f3574

15 files changed, 169 insertions, 0 deletions

diff --git a/retired/CVE-2011-4077 b/retired/CVE-2011-4077
new file mode 100644
index 00000000..a40c17e2
--- /dev/null
+++ b/retired/CVE-2011-4077
@@ -0,0 +1,14 @@
+Description: xfs: potential buffer overflow in xfs_readlink()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=749156
+ http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
+Notes:
+ Proposed patch doesn't seem to fix the bug, due to possible integer
+ overflow.
+Bugs:
+upstream: released (3.2-rc2) [b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.0.0-6) [bugfix/all/xfs-fix-memory-corruption-in-xfs_readlink.patch, bugfix/all/xfs-fix-memory-corruption-in-xfs_readlink-2.patch]
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/xfs-fix-possible-memory-corruption-in-xfs_readlink.patch]
+2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/all/xfs-fix-possible-memory-corruption-in-xfs_readlink.patch]
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2011-4086 b/retired/CVE-2011-4086
new file mode 100644
index 00000000..ca91aa55
--- /dev/null
+++ b/retired/CVE-2011-4086
@@ -0,0 +1,9 @@
+Description: 
+References:
+Notes:
+Bugs:
+upstream: released (3.2) [15291164b22a357cb211b618adfef4fa82fc0de3]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2-1)
+2.6.32-squeeze-security: released (2.6.32-44) [bugfix/all/jbd2-clear-BH_Delay-BH_Unwritten-in-journal_unmap_buffer.patch]
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2011-4347 b/retired/CVE-2011-4347
new file mode 100644
index 00000000..d872db71
--- /dev/null
+++ b/retired/CVE-2011-4347
@@ -0,0 +1,16 @@
+Description: kvm: device assignment DoS
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=756084
+ http://thread.gmane.org/gmane.comp.emulators.kvm.devel/82043
+Notes:
+ <dannf> was 3d27e23b17010c668db311140b17bbbb70c78fb9 meant do address
+ CVE-2011-4347?
+ <aw> yes.  you can include the one before it too
+ 423873736b78f549fbfa2f715f2e4de7e6c5e1e9
+Bugs:
+upstream: released (3.2) [423873736b78f549fbfa2f715f2e4de7e6c5e1e9, 3d27e23b17010c668db311140b17bbbb70c78fb9]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.1-1)
+2.6.26-lenny-security: N/A "code not present"
+2.6.32-squeeze-security: released (2.6.32-41squeeze1) [bugfix/all/KVM-Remove-ability-to-assign-a-device-without-iommu-support.patch, bugfix/all/KVM-Device-assignment-permission-checks.patch
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2011-4622 b/retired/CVE-2011-4622
new file mode 100644
index 00000000..0ad314f2
--- /dev/null
+++ b/retired/CVE-2011-4622
@@ -0,0 +1,11 @@
+Description: kvm: pit timer with no irqchip crashes the system
+References:
+ http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564
+Notes:
+Bugs:
+upstream: released (3.2) [0924ab2cfa98b1ece26c033d696651fd62896c69]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.1.8-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch]
+2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch]
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2011-4914 b/retired/CVE-2011-4914
new file mode 100644
index 00000000..ef0a51bc
--- /dev/null
+++ b/retired/CVE-2011-4914
@@ -0,0 +1,13 @@
+Candidate:
+Description: rose: Add length checks to CALL_REQUEST parsing
+References:
+ http://marc.info/?l=linux-netdev&m=130063972406389&w=2
+Notes:
+ dannf> mitre decided this should be separate than CVE-2010-1493
+Bugs:
+upstream: released (2.6.39-rc1) [e0bccd315db0c2f919e7fcf9cb60db21d9986f52]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (2.6.39-1)
+2.6.26-lenny-security: released (2.6.26-28) [bugfix/all/rose-add-length-checks-to-CALL_REQUEST-parsing.patch]
+2.6.32-squeeze-security: released (2.6.32-39squeeze1) [bugfix/all/rose-add-length-checks-to-CALL_REQUEST-parsing.patch]
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2012-0045 b/retired/CVE-2012-0045
new file mode 100644
index 00000000..d24ecd45
--- /dev/null
+++ b/retired/CVE-2012-0045
@@ -0,0 +1,13 @@
+Description: kvm: syscall instruction induced guest panic
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=773370
+ https://lkml.org/lkml/2011/12/28/170
+ http://www.spinics.net/lists/kvm/msg66633.html
+Notes:
+Bugs:
+upstream: released (3.3) [bdb42f5afebe208eae90406959383856ae2caf2b, c2226fc9e87ba3da060e47333657cd6616652b84]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.2-1) [bugfix/x86/KVM-x86-extend-struct-x86_emulate_ops-with-get_cpuid.patch, bugfix/x86/KVM-x86-fix-missing-checks-in-syscall-emulation.patch]
+2.6.26-lenny-security: N/A "Introduced in 2.6.32"
+2.6.32-squeeze-security: released (2.6.32-41squeeze1) [bugfix/x86/KVM-extend-struct-x86_emulate_ops-with-get_cpuid.patch, bugfix/x86/KVM-fix-missing-checks-in-syscall-emulation.patch]
+3.2-upstream-stable: released (3.2.14) [90509a557798a023b3f5c46bebae62aa00e5da2a, c401f604a75970a1e5c2718232b3c4c2060a3ee8]
diff --git a/retired/CVE-2012-0879 b/retired/CVE-2012-0879
new file mode 100644
index 00000000..96dc09f7
--- /dev/null
+++ b/retired/CVE-2012-0879
@@ -0,0 +1,11 @@
+Description: block: CLONE_IO io_context refcounting issues
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=796829
+ http://comments.gmane.org/gmane.linux.kernel/922519
+Notes:
+Bugs:
+upstream: released (2.6.33) [61cc74fbb87af6aa551a06a370590c9bc07e29d9, b69f2292063d2caf37ca9aec7d63ded203701bf3]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (2.6.33-1)
+2.6.32-squeeze-security: released (2.6.32-44) [bugfix/all/block-Fix-io_context-leak-after-clone-with-CLONE_IO.patch, bugfix/all/block-Fix-io_context-leak-after-failure-of-clone-with-CLONE_IO.patch]
+3.2-upstream-stable: N/A
diff --git a/retired/CVE-2012-1601 b/retired/CVE-2012-1601
new file mode 100644
index 00000000..4f3dd8f5
--- /dev/null
+++ b/retired/CVE-2012-1601
@@ -0,0 +1,11 @@
+Description: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency
+References:
+ http://comments.gmane.org/gmane.comp.emulators.kvm.devel/86217
+ https://bugzilla.redhat.com/show_bug.cgi?id=808199
+Notes:
+Bugs:
+upstream: released (3.4-rc1) [3e515705a1f46beb1c942bb8043c16f8ac7b1e9e]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.17-1) [bugfix/all/kvm-ensure-all-vcpus-are-consistent-with-in-kernel-irqchip.patch]
+2.6.32-squeeze-security: released (2.6.32-44) [bugfix/x86/KVM-disallow-multiple-KVM_CREATE_IRQCHIP.patch, bugfix/x86/KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-irqchip-settings.patch]
+3.2-upstream-stable: released (3.2.19) [645b177cbfce6b695bdbe0b4c131de584821840d]
diff --git a/retired/CVE-2012-2123 b/retired/CVE-2012-2123
new file mode 100644
index 00000000..0ffb1a08
--- /dev/null
+++ b/retired/CVE-2012-2123
@@ -0,0 +1,9 @@
+Description: fcaps: clear the same personality flags as suid when fcaps are used
+References:
+Notes:
+Bugs:
+upstream: released (3.4-rc4) [d52fc5dde171f030170a6cb78034d166b13c9445, 51b79bee627d526199b2f6a6bef8ee0c0739b6d1]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.16-1)
+2.6.32-squeeze-security: released (2.6.32-44) [bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch, bugfix/all/security-fix-compile-error-in-commoncap.c.patch]
+3.2-upstream-stable: released (3.2.16) [f2c309c36d0a433c88534082cb2c3a817d6bd409, fd18a0805b2b68228c0493337000f63c2573cc0c]
diff --git a/retired/CVE-2012-2133 b/retired/CVE-2012-2133
new file mode 100644
index 00000000..ec86deea
--- /dev/null
+++ b/retired/CVE-2012-2133
@@ -0,0 +1,10 @@
+Description: use after free bug in "quota" handling in hugetlb code
+References:
+Notes:
+ jmm> Introduced in 2.6.24
+Bugs:
+upstream: released (3.4-rc1) [90481622d75715bfcb68501280a917dbfe516029]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.19-1) [bugfix/all/hugepages-fix-use-after-free-bug-in-quota-handling.patch]
+2.6.32-squeeze-security: released (2.6.32-44) [bugfix/all/hugepages-fix-use-after-free-bug-in-quota-handling.patch]
+3.2-upstream-stable: released (3.2.24)
diff --git a/retired/CVE-2012-2136 b/retired/CVE-2012-2136
new file mode 100644
index 00000000..0f624e89
--- /dev/null
+++ b/retired/CVE-2012-2136
@@ -0,0 +1,11 @@
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2136
+ http://thread.gmane.org/gmane.linux.network/232111
+Notes:
+Bugs:
+upstream: released (v3.5-rc1) [cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.20-1)
+2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/net-sock-validate-data_len-before-allocating-skb-in-sock_alloc_send_pskb.patch]
+3.2-upstream-stable: released (3.2.23)
diff --git a/retired/CVE-2012-2313 b/retired/CVE-2012-2313
new file mode 100644
index 00000000..b1bcb8a6
--- /dev/null
+++ b/retired/CVE-2012-2313
@@ -0,0 +1,13 @@
+Description: more tight ioctl permissions in dl2k driver
+References:
+ References: http://www.spinics.net/lists/netdev/msg196365.html
+ http://www.spinics.net/lists/netdev/msg196381.html
+ http://www.spinics.net/lists/netdev/msg196382.html
+ https://bugzilla.novell.com/show_bug.cgi?id=758813
+Notes:
+Bugs:
+upstream: released (3.4-rc4) [1bb57e940e1958e40d51f2078f50c3a96a9b2d75]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.19-1)
+2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/dl2k-use-standard-defines-from-mii.h.patch, bugfix/all/dl2k-Clean-up-rio_ioctl.patch]
+3.2-upstream-stable: released (3.2.19) [bdd06be083b51fa7bdf04d8c8b699870f29bae69]
diff --git a/retired/CVE-2012-2319 b/retired/CVE-2012-2319
new file mode 100644
index 00000000..a943e25a
--- /dev/null
+++ b/retired/CVE-2012-2319
@@ -0,0 +1,9 @@
+Description: Buffer overflow in HFS
+Reference:s
+Notes:
+Bugs:
+upstream: released (3.4-rc6) [6f24f892871acc47b40dd594c63606a17c714f77]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.17-1)
+2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/hfsplus-Fix-potential-buffer-overflows.patch]
+3.2-upstream-stable: released (3.2.17) [d4af6eb924ce29b9e46037134ca69ce085b5c36c]
diff --git a/retired/CVE-2012-2745 b/retired/CVE-2012-2745
new file mode 100644
index 00000000..3c48658e
--- /dev/null
+++ b/retired/CVE-2012-2745
@@ -0,0 +1,10 @@
+Description: cred: copy_process() should clear child->replacement_session_keyring
+References:
+ https://rhn.redhat.com/errata/RHSA-2012-1064.html
+Notes:
+Bugs:
+upstream: released (3.4) [79549c6dfda0603dba9a70a53467ce62d9335c33]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.15-1)
+2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/cred-copy_process-should-clear-child-replacement_session_keyring.patch]
+3.2-upstream-stable: released (3.2.15)
diff --git a/retired/CVE-2012-3400 b/retired/CVE-2012-3400
new file mode 100644
index 00000000..f31f0a73
--- /dev/null
+++ b/retired/CVE-2012-3400
@@ -0,0 +1,9 @@
+Description: 
+References:
+Notes:
+Bugs:
+upstream: released (3.5-rc5) [1df2ae31c724e57be9d7ac00d78db8a5dabdd050, adee11b2085bee90bd8f4f52123ffb07882d6256]
+2.6.32-upstream-stable: released (2.6.32.60)
+sid: released (3.2.23-1)
+2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/udf-Fortify-loading-of-sparing-table.patch, bugfix/all/udf-Avoid-run-away-loop-when-partition-table-length-is-corrupted.patch]
+3.2-upstream-stable: released (3.2.23)