retire issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2178 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2011-01-30 11:29:31 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2011-01-30 11:29:31 +0000
commit: d3f3145fd890f6769590bc132bb0d7edf80fafd5 (patch)
tree: b1a9e417ea6b5d8bd58e49ada34a9c384232c03d /retired
parent: 7196d474f645fb167632797b8734e11993260232 (diff)
10 files changed, 116 insertions, 0 deletions
diff --git a/retired/CVE-2010-0435 b/retired/CVE-2010-0435
new file mode 100644
index 00000000..a03973d0
--- /dev/null
+++ b/retired/CVE-2010-0435
@@ -0,0 +1,15 @@
+Candidate: CVE-2010-0435
+Description:
+ kvm null ptr dereference
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
+Notes:
+ jmm> RHEL patch commited as patches/CVE-2010-0435-kvm-kernel-fix-null-pointer-dereference.patch
+ jmm> The kernel.org version is quite different, though. Maybe it's only exploitable in 
+ jmm> combination with the plethora of KVM patches added by Red Hat?
+Bugs:
+upstream: released (2.6.34)
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
diff --git a/retired/CVE-2010-4162 b/retired/CVE-2010-4162
new file mode 100644
index 00000000..e8b94afe
--- /dev/null
+++ b/retired/CVE-2010-4162
@@ -0,0 +1,11 @@
+Candidate: CVE-2010-4162
+Description: DoS in block layer
+References:
+ http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=cb4644cac4a2797afc847e6c92736664d4b0ea34;hp=f3f63c1c28bc861a931fac283b5bc3585efb8967
+Notes:
+Bugs:
+upstream: released (2.6.37) [cb4644cac4a2797afc847e6c92736664d4b0ea34]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
diff --git a/retired/CVE-2010-4163 b/retired/CVE-2010-4163
new file mode 100644
index 00000000..4e52b1b7
--- /dev/null
+++ b/retired/CVE-2010-4163
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4163
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689
+Notes:
+ Also needs https://patchwork.kernel.org/patch/363282/
+Bugs:
+upstream: released (2.6.37) [9284bcf4e335e5f18a8bc7b26461c33ab60d0689, 5478755616ae2ef1ce144dded589b62b2a50d575]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [debian/patches/bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
diff --git a/retired/CVE-2010-4242 b/retired/CVE-2010-4242
new file mode 100644
index 00000000..c76ad8d7
--- /dev/null
+++ b/retired/CVE-2010-4242
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4242
+Description: missing tty ops write function presence check in hci_uart_tty_open()
+References: 
+ https://bugzilla.redhat.com/show_bug.cgi?id=641410
+ http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773
+Notes:
+Bugs:
+upstream: released (2.6.37) [c19483cc5e56ac5e22dd19cf25ba210ab1537773]
+2.6.32-upstream-stable: released (2.6.36.26)
+linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch]
+2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
diff --git a/retired/CVE-2010-4258 b/retired/CVE-2010-4258
new file mode 100644
index 00000000..11284735
--- /dev/null
+++ b/retired/CVE-2010-4258
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4258
+Description: failure to revert address limit override in OOPS error path
+References:
+ http://marc.info/?l=linux-kernel&m=129117048916957&w=2
+Notes:
+ exploit released -> high urgency: http://seclists.org/fulldisclosure/2010/Dec/85
+Bugs:
+upstream: released (2.6.37-rc4) [33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
diff --git a/retired/CVE-2010-4346 b/retired/CVE-2010-4346
new file mode 100644
index 00000000..250fc268
--- /dev/null
+++ b/retired/CVE-2010-4346
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4346
+Description:
+References:
+ https://lkml.org/lkml/2010/12/9/222
+ https://bugzilla.redhat.com/show_bug.cgi?id=662189
+Notes:
+Bugs:
+upstream: released (2.6.37) [462e635e5b73ba9a4c03913b77138cd57ce4b050]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch]
+2.6.32-squeeze-security: released (2.6.32-30)
diff --git a/retired/CVE-2010-4526 b/retired/CVE-2010-4526
new file mode 100644
index 00000000..26970564
--- /dev/null
+++ b/retired/CVE-2010-4526
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4526
+Description: sctp: a race between ICMP protocol unreachable and connect()
+References:
+Notes:
+Bugs:
+upstream: released (2.6.34) [50b5d6ad63821cea324a5a7a19854d4de1a0a819]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526]
+2.6.32-squeeze-security: released (2.6.32-30)
diff --git a/retired/CVE-2010-4527 b/retired/CVE-2010-4527
new file mode 100644
index 00000000..b16a42b7
--- /dev/null
+++ b/retired/CVE-2010-4527
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4527
+Description: buffer overflow in OSS load_mixer_volumes
+References: 
+Notes:
+Bugs:
+upstream: released (2.6.37) [d81a12bc29ae4038770e05dce4ab7f26fd5880fb]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch]
+2.6.32-squeeze-security: released (2.6.32-30)
diff --git a/retired/CVE-2010-4649 b/retired/CVE-2010-4649
new file mode 100644
index 00000000..34813498
--- /dev/null
+++ b/retired/CVE-2010-4649
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4649
+Description: IB/uverbs: Handle large number of entries in poll CQ
+References:
+Notes:
+Bugs:
+upstream: released (2.6.37) [7182afea8d1afd432a17c18162cc3fd441d0da93]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch]
+2.6.32-squeeze-security: released (2.6.32-30)
diff --git a/retired/CVE-2010-4668 b/retired/CVE-2010-4668
new file mode 100644
index 00000000..1ef491c1
--- /dev/null
+++ b/retired/CVE-2010-4668
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4668
+Description:
+References:
+Notes:
+ jmm> This ID is about the fact that the initial fix for CVE-2010-4163
+ jmm> was incomplete
+Bugs:
+upstream: released (2.6.37) [5478755616ae2ef1ce144dded589b62b2a50d575]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch]
+2.6.32-squeeze-security: released (2.6.32.27)
author	Moritz Muehlenhoff <jmm@debian.org>	2011-01-30 11:29:31 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2011-01-30 11:29:31 +0000
commit	d3f3145fd890f6769590bc132bb0d7edf80fafd5 (patch)
tree	b1a9e417ea6b5d8bd58e49ada34a9c384232c03d /retired
parent	7196d474f645fb167632797b8734e11993260232 (diff)