author | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
commit | 8b89b4be7cf2cf2a85f2e5521046e5a53d6a90dc (patch) | |
tree | 0decae468ee0fa9b8f7e02de08dd13641f90fb2d /retired | |
parent | 24f2bb5a17a5d17d4346de3a08e222f5d7791003 (diff) |
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1759 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2009-2691 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-2695 | 21 | ||||
-rw-r--r-- | retired/CVE-2009-3080 | 13 | ||||
-rw-r--r-- | retired/CVE-2009-3613 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-3726 | 13 | ||||
-rw-r--r-- | retired/CVE-2009-3889 | 18 | ||||
-rw-r--r-- | retired/CVE-2009-4005 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-4020 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-4021 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-4138 | 14 | ||||
-rw-r--r-- | retired/CVE-2009-4141 | 19 | ||||
-rw-r--r-- | retired/CVE-2009-4308 | 13 | ||||
-rw-r--r-- | retired/CVE-2009-4536 | 16 | ||||
-rw-r--r-- | retired/CVE-2009-4538 | 16 | ||||
-rw-r--r-- | retired/CVE-2010-0003 | 14 | ||||
-rw-r--r-- | retired/CVE-2010-0006 | 17 | ||||
-rw-r--r-- | retired/CVE-2010-0007 | 13 |
17 files changed, 257 insertions, 0 deletions
diff --git a/retired/CVE-2009-2691 b/retired/CVE-2009-2691
new file mode 100644
index 00000000..6069194d
--- /dev/null
+++ b/retired/CVE-2009-2691
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-2691
+Description:
+ The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier
+ allows local users to read (1) maps and (2) smaps files under proc/ via vectors
+ related to ELF loading, a setuid process, and a race condition.
+References:
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc6) [13f0fea, 00f89d2, 704b836], released (2.6.30.5) [95d7e670e3158b6a52a8279290a0d6f7047250b4, 17dc3e97d6d51df33cb6e35fabb62b91ef14cf2c, c6d59cb0341e2c3aed3eb65cbf166a686c3443aa]
+linux-2.6: released (2.6.30-7)
+2.6.18-etch-security: ignored (end of life)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch]
diff --git a/retired/CVE-2009-2695 b/retired/CVE-2009-2695
new file mode 100644
index 00000000..307fc3b4
--- /dev/null
+++ b/retired/CVE-2009-2695
@@ -0,0 +1,21 @@
+Candidate: CVE-2009-2695
+Description:
+ The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that
+ target page zero and other low memory addresses, which allows local users to gain
+ privileges by exploiting NULL pointer dereference vulnerabilities, related to (1)
+ the default configuration of the allow_unconfined_mmap_low boolean in SELinux on
+ Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes
+ allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a
+ requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4)
+ interaction between the mmap_min_addr protection mechanism and certain application
+ programs.
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.31-rc7)
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: N/A "no mmap_min_addr"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch, bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch, bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch, bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch, bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch]
diff --git a/retired/CVE-2009-3080 b/retired/CVE-2009-3080
new file mode 100644
index 00000000..b72f4281
--- /dev/null
+++ b/retired/CVE-2009-3080
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3080
+Description:
+ index error in gdth_read_event
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
+Notes:
+Bugs:
+upstream: released (2.6.32-rc8) [690e7448]
+2.6.31-upstream-stable: released (2.6.31.7) [17438898]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch]
diff --git a/retired/CVE-2009-3613 b/retired/CVE-2009-3613
new file mode 100644
index 00000000..423241ee
--- /dev/null
+++ b/retired/CVE-2009-3613
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-3613
+Description:
+References:
+ http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
+ http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd
+ http://bugzilla.kernel.org/show_bug.cgi?id=9468
+ https://bugzilla.redhat.com/show_bug.cgi?id=529137
+Notes:
+Bugs:
+upstream: released (2.6.29) [a866bbf, 97d477a]
+linux-2.6: released (2.6.29-1)
+2.6.18-etch-security: ignored (EOL)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/r8169-balance-pci_map-pci_unmap-pair.patch, bugfix/all/r8169-use-hardware-auto-padding.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/r8169-use-hardware-auto-padding.patch]
diff --git a/retired/CVE-2009-3726 b/retired/CVE-2009-3726
new file mode 100644
index 00000000..f03e2464
--- /dev/null
+++ b/retired/CVE-2009-3726
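Review bot: The `Description:` field of retired/CVE-2009-3613 is left empty, so once the record is retired the only hint at the affected code is the r8169 patch names in the status lines. A one-line summary in the style the neighbouring records use (for example ` index error in gdth_read_event` in CVE-2009-3080) would keep the retired file searchable; the wording should be taken from the references listed in the record. retired/CVE-2009-4308 further down has the same empty field, where only the ext4 patch name says what was fixed.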
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-3726
+Description:
+ null ptr dereference in nfs4_proc_lock
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/05/1
+ http://xorl.wordpress.com/2009/11/07/cve-2009-3726-linux-kernel-nfsv4-null-pointer-dereference/
+Notes:
+Bugs:
+upstream: released (2.6.31) [d953126a28f97ec965d23c69fd5795854c048f30]
+linux-2.6: released (2.6.31-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/nfsv4-buggy-server-oops.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/nfsv4-buggy-server-oops.patch]
diff --git a/retired/CVE-2009-3889 b/retired/CVE-2009-3889
new file mode 100644
index 00000000..cea67afa
--- /dev/null
+++ b/retired/CVE-2009-3889
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3889
+Description:
+ The dbg_lvl file for the megaraid_sas driver in the Linux kernel before
+ 2.6.27 has world-writable permissions, which allows local users to change
+ the (1) behavior and (2) logging level of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=526068
+Notes:
+ poll_mode_io aspect of this issue got its own id, CVE-2009-3939
+Bugs:
+upstream: released (2.6.27) [66dca9b8]
+linux-2.6: released (2.6.27-1)
+2.6.18-etch-security: N/A (Vulnerable code not present)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+
+
diff --git a/retired/CVE-2009-4005 b/retired/CVE-2009-4005
new file mode 100644
index 00000000..2577d111
--- /dev/null
+++ b/retired/CVE-2009-4005
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4005
+Description:
+ buffer overflow in hfc_usb
+References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
+Notes:
+Bugs:
+upstream: released (2.6.32-rc7) [286e633e]
+2.6.31-upstream-stable: N/A
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
diff --git a/retired/CVE-2009-4020 b/retired/CVE-2009-4020
new file mode 100644
index 00000000..270085ba
--- /dev/null
+++ b/retired/CVE-2009-4020
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4020
+Description:
+ hfs buffer overflow
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/04/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [ec81aecb]
+2.6.32-upstream-stable: released (2.6.32.2) [037b7867]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/hfs-fix-a-potential-buffer-overflow.patch]
+2.6.32-squeeze-security: released (2.6.32-3)
diff --git a/retired/CVE-2009-4021 b/retired/CVE-2009-4021
new file mode 100644
index 00000000..fbf0a0c5
--- /dev/null
+++ b/retired/CVE-2009-4021
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4021
+Description:
+ fuse null ptr dereference
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/19/1
+Notes:
+ introduced in 2.6.14
+Bugs:
+upstream: released (2.6.32-rc7) [f60311d5]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
diff --git a/retired/CVE-2009-4138 b/retired/CVE-2009-4138
new file mode 100644
index 00000000..668226de
--- /dev/null
+++ b/retired/CVE-2009-4138
@@ -0,0 +1,14 @@
+Candidate: CVE-2009-4138
+Description:
+ firewire: ohci: handle receive packets with a data length of zero
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/15/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc1) [8c0c0cc2]
+2.6.32-upstream-stable: released (2.6.32.2) [e39b7b49]
+linux-2.6: released (2.6.32-3)
+2.6.18-etch-security: N/A "ohci introduced in 2.6.22"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch]
+2.6.32-squeeze-security: released (2.6.32-3)
diff --git a/retired/CVE-2009-4141 b/retired/CVE-2009-4141
new file mode 100644
index 00000000..2bc82b31
--- /dev/null
+++ b/retired/CVE-2009-4141
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-4141
+Description:
+ fasync issue
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
+Notes:
+ Believed to have been introduced in 233e70f in 2.6.28-rc3.
+ Might make sense to backport to stable as a precaution.
+Bugs:
+jmm> Commit 53281b6d
+upstream: released (2.6.32.4)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+2.6.18-etch-security: N/A
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/fasync-split-fasync_helper.patch]
+
diff --git a/retired/CVE-2009-4308 b/retired/CVE-2009-4308
new file mode 100644
index 00000000..fc6270fd
--- /dev/null
+++ b/retired/CVE-2009-4308
@@ -0,0 +1,13 @@
+Candidate: CVE-2009-4308
+Description:
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
+Notes:
+Bugs:
+upstream: released (2.6.32) [78f1ddbb]
+2.6.31-upstream-stable: released (2.6.31.8) [4ef61f0a]
+linux-2.6: released (2.6.32-1)
+2.6.18-etch-security: N/A "ext4 introduced in 2.6.19"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch]
+2.6.32-squeeze-security: released (2.6.32-1)
diff --git a/retired/CVE-2009-4536 b/retired/CVE-2009-4536
new file mode 100644
index 00000000..a1f3b11a
--- /dev/null
+++ b/retired/CVE-2009-4536
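Review bot: In retired/CVE-2009-4141 the line `jmm> Commit 53281b6d` sits unindented directly after `Bugs:`, whereas the other `jmm>` remarks in this commit (CVE-2009-4536, CVE-2009-4538) are indented under `Notes:`. Anything that reads unindented lines as `field: value` status entries may misread it, so it would be safer as ` jmm> Commit 53281b6d` under `Notes:`, or recorded as `[53281b6d]` on the `upstream:` line. That `upstream:` line currently gives `released (2.6.32.4)`, the same version as the `2.6.32-upstream-stable:` line and with no commit id, which is worth double-checking before the record is retired.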
@@ -0,0 +1,16 @@
+Candidate: CVE-2009-4536
+Description:
+ regression in e1000 driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> Commit 40a14deaf411592b57cb0720f0e8004293ab9865
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [40a14dea]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000-enhance-frame-fragment-detection.patch]
diff --git a/retired/CVE-2009-4538 b/retired/CVE-2009-4538
new file mode 100644
index 00000000..adbcddc9
--- /dev/null
+++ b/retired/CVE-2009-4538
@@ -0,0 +1,16 @@
+Candidate:CVE-2009-4538
+Description:
+ regression in e1000e driver
+References:
+ http://www.openwall.com/lists/oss-security/2009/12/31/1
+Notes:
+ jmm> commit b94b50289622e816adc9f94111cfc2679c80177c
+ jmm> Submitted for 2.6.32 stable
+Bugs:
+upstream: released (2.6.33-rc6) [b94b5028]
+2.6.32-upstream-stable:
+linux-2.6: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
+2.6.18-etch-security: N/A "no e1000e"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/e1000e-enhance-frame-fragment-detection.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/e1000e-enhance-fragment-detection.patch]
diff --git a/retired/CVE-2010-0003 b/retired/CVE-2010-0003
new file mode 100644
index 00000000..e29ae9b6
--- /dev/null
+++ b/retired/CVE-2010-0003
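Review bot: retired/CVE-2009-4536 is added under retired/ while its `2.6.32-upstream-stable:` field is still blank; the notes only say `Submitted for 2.6.32 stable`. A retired record with an empty status leaves no trace of whether the stable series ever picked up commit 40a14dea, so the field should be filled in before retiring, e.g. `2.6.32-upstream-stable: released (<stable version>) [<commit id>]`, or the file kept in the active directory until that is known. retired/CVE-2009-4538 in the following hunk has the same blank field for commit b94b5028.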
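Review bot: The first line of retired/CVE-2009-4538 reads `Candidate:CVE-2009-4538`, without the space after the colon that every other record in this commit has; `Candidate: CVE-2009-4538` keeps it consistent for any script that splits the field on `: `. The patch name also differs between branches in this record, `e1000e-enhance-fragment-detection.patch` for linux-2.6 and squeeze against `e1000e-enhance-frame-fragment-detection.patch` for etch and lenny. That may be correct per branch, but it is worth confirming against the packaging trees so the retired record points at files that exist.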
@@ -0,0 +1,14 @@
+Candidate: CVE-2010-0003
+Description:
+ kernel info leak if print-fatal-signals=1
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/12/1
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [b45c6e76bc]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: N/A "print-fatal-signals didn't exist yet"
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/signal-fix-information-leak-with-print-fatal-signals.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
diff --git a/retired/CVE-2010-0006 b/retired/CVE-2010-0006
new file mode 100644
index 00000000..baab029d
--- /dev/null
+++ b/retired/CVE-2010-0006
@@ -0,0 +1,17 @@
+Candidate: CVE-2010-0006
+Description:
+ ipv6: skb_dst() null ptr dereference
+References:
+ http://www.openwall.com/lists/oss-security/2010/01/14/2
+Notes:
+ oss-sec posting says that this codebase is not turned
+ on in most cases in oss-sec posting, so likely not a
+ very high urgency issue
+Bugs:
+upstream: released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6)
+2.6.18-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.24-etch-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.26-lenny-security: N/A "introduced in 2.6.28 commit 483a47d2"
+2.6.32-squeeze-security: released (2.6.32-6)
diff --git a/retired/CVE-2010-0007 b/retired/CVE-2010-0007
new file mode 100644
index 00000000..4febf548
--- /dev/null
+++ b/retired/CVE-2010-0007
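Review bot: The `upstream:` line of retired/CVE-2010-0006 gives the commit id in parentheses, `released (2.6.33) (2570a4f5428bcdb1077622342181755741e7fa60)`, where every other record in this commit puts it in square brackets after the version. Writing it as `upstream: released (2.6.33) [2570a4f5428bcdb1077622342181755741e7fa60]` keeps the commit distinguishable from the version for anyone grepping or parsing the tracker. The `Notes:` text also says "oss-sec posting" twice in one sentence and could drop the second occurrence.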
@@ -0,0 +1,13 @@
+Candidate: CVE-2010-0007
+Description:
+ normal users can modify etables rules
+References:
+Notes:
+Bugs:
+upstream: released (2.6.33-rc4) [dce766a]
+2.6.32-upstream-stable: released (2.6.32.4)
+linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch2) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/netfilter-ebtables-enforce-CAP_NET_ADMIN.patch]
+2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.4.patch] |
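Review bot: The description in retired/CVE-2010-0007 says `normal users can modify etables rules`, but the patches named in the status lines are `netfilter-ebtables-enforce-CAP_NET_ADMIN.patch`, so this looks like a typo for `ebtables` and a search for the subsystem name will miss the record. `References:` is also empty; a link to the CVE entry or to upstream commit `dce766a` would let a reader confirm the scope of the missing capability check without leaving the file.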