diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2011-01-30 11:29:31 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2011-01-30 11:29:31 +0000 |
commit | d3f3145fd890f6769590bc132bb0d7edf80fafd5 (patch) | |
tree | b1a9e417ea6b5d8bd58e49ada34a9c384232c03d /retired | |
parent | 7196d474f645fb167632797b8734e11993260232 (diff) |
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2178 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2010-0435 | 15 | ||||
-rw-r--r-- | retired/CVE-2010-4162 | 11 | ||||
-rw-r--r-- | retired/CVE-2010-4163 | 12 | ||||
-rw-r--r-- | retired/CVE-2010-4242 | 12 | ||||
-rw-r--r-- | retired/CVE-2010-4258 | 12 | ||||
-rw-r--r-- | retired/CVE-2010-4346 | 12 | ||||
-rw-r--r-- | retired/CVE-2010-4526 | 10 | ||||
-rw-r--r-- | retired/CVE-2010-4527 | 10 | ||||
-rw-r--r-- | retired/CVE-2010-4649 | 10 | ||||
-rw-r--r-- | retired/CVE-2010-4668 | 12 |
10 files changed, 116 insertions, 0 deletions
diff --git a/retired/CVE-2010-0435 b/retired/CVE-2010-0435 new file mode 100644 index 00000000..a03973d0 --- /dev/null +++ b/retired/CVE-2010-0435 @@ -0,0 +1,15 @@ +Candidate: CVE-2010-0435 +Description: + kvm null ptr dereference +References: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435 +Notes: + jmm> RHEL patch commited as patches/CVE-2010-0435-kvm-kernel-fix-null-pointer-dereference.patch + jmm> The kernel.org version is quite different, though. Maybe it's only exploitable in + jmm> combination with the plethora of KVM patches added by Red Hat? +Bugs: +upstream: released (2.6.34) +2.6.32-upstream-stable: released (2.6.32.27) +linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch] +2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] diff --git a/retired/CVE-2010-4162 b/retired/CVE-2010-4162 new file mode 100644 index 00000000..e8b94afe --- /dev/null +++ b/retired/CVE-2010-4162 @@ -0,0 +1,11 @@ +Candidate: CVE-2010-4162 +Description: DoS in block layer +References: + http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=cb4644cac4a2797afc847e6c92736664d4b0ea34;hp=f3f63c1c28bc861a931fac283b5bc3585efb8967 +Notes: +Bugs: +upstream: released (2.6.37) [cb4644cac4a2797afc847e6c92736664d4b0ea34] +2.6.32-upstream-stable: released (2.6.32.27) +linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch] +2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] diff --git a/retired/CVE-2010-4163 b/retired/CVE-2010-4163 new file mode 100644 index 00000000..4e52b1b7 --- /dev/null +++ b/retired/CVE-2010-4163 @@ -0,0 +1,12 @@ +Candidate: CVE-2010-4163 +Description: +References: + http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689 +Notes: + Also needs https://patchwork.kernel.org/patch/363282/ +Bugs: +upstream: released (2.6.37) [9284bcf4e335e5f18a8bc7b26461c33ab60d0689, 5478755616ae2ef1ce144dded589b62b2a50d575] +2.6.32-upstream-stable: released (2.6.32.27) +linux-2.6: released (2.6.32-29) [debian/patches/bugfix/all/stable/2.6.32.27.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch] +2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] diff --git a/retired/CVE-2010-4242 b/retired/CVE-2010-4242 new file mode 100644 index 00000000..c76ad8d7 --- /dev/null +++ b/retired/CVE-2010-4242 @@ -0,0 +1,12 @@ +Candidate: CVE-2010-4242 +Description: missing tty ops write function presence check in hci_uart_tty_open() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=641410 + http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773 +Notes: +Bugs: +upstream: released (2.6.37) [c19483cc5e56ac5e22dd19cf25ba210ab1537773] +2.6.32-upstream-stable: released (2.6.36.26) +linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch] +2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch] diff --git a/retired/CVE-2010-4258 b/retired/CVE-2010-4258 new file mode 100644 index 00000000..11284735 --- /dev/null +++ b/retired/CVE-2010-4258 @@ -0,0 +1,12 @@ +Candidate: CVE-2010-4258 +Description: failure to revert address limit override in OOPS error path +References: + http://marc.info/?l=linux-kernel&m=129117048916957&w=2 +Notes: + exploit released -> high urgency: http://seclists.org/fulldisclosure/2010/Dec/85 +Bugs: +upstream: released (2.6.37-rc4) [33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177] +2.6.32-upstream-stable: released (2.6.32.27) +linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch] +2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch] diff --git a/retired/CVE-2010-4346 b/retired/CVE-2010-4346 new file mode 100644 index 00000000..250fc268 --- /dev/null +++ b/retired/CVE-2010-4346 @@ -0,0 +1,12 @@ +Candidate: CVE-2010-4346 +Description: +References: + https://lkml.org/lkml/2010/12/9/222 + https://bugzilla.redhat.com/show_bug.cgi?id=662189 +Notes: +Bugs: +upstream: released (2.6.37) [462e635e5b73ba9a4c03913b77138cd57ce4b050] +2.6.32-upstream-stable: released (2.6.32.28) +linux-2.6: released (2.6.32-30) +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch] +2.6.32-squeeze-security: released (2.6.32-30) diff --git a/retired/CVE-2010-4526 b/retired/CVE-2010-4526 new file mode 100644 index 00000000..26970564 --- /dev/null +++ b/retired/CVE-2010-4526 @@ -0,0 +1,10 @@ +Candidate: CVE-2010-4526 +Description: sctp: a race between ICMP protocol unreachable and connect() +References: +Notes: +Bugs: +upstream: released (2.6.34) [50b5d6ad63821cea324a5a7a19854d4de1a0a819] +2.6.32-upstream-stable: released (2.6.32.28) +linux-2.6: released (2.6.32-30) +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526] +2.6.32-squeeze-security: released (2.6.32-30) diff --git a/retired/CVE-2010-4527 b/retired/CVE-2010-4527 new file mode 100644 index 00000000..b16a42b7 --- /dev/null +++ b/retired/CVE-2010-4527 @@ -0,0 +1,10 @@ +Candidate: CVE-2010-4527 +Description: buffer overflow in OSS load_mixer_volumes +References: +Notes: +Bugs: +upstream: released (2.6.37) [d81a12bc29ae4038770e05dce4ab7f26fd5880fb] +2.6.32-upstream-stable: released (2.6.32.28) +linux-2.6: released (2.6.32-30) +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch] +2.6.32-squeeze-security: released (2.6.32-30) diff --git a/retired/CVE-2010-4649 b/retired/CVE-2010-4649 new file mode 100644 index 00000000..34813498 --- /dev/null +++ b/retired/CVE-2010-4649 @@ -0,0 +1,10 @@ +Candidate: CVE-2010-4649 +Description: IB/uverbs: Handle large number of entries in poll CQ +References: +Notes: +Bugs: +upstream: released (2.6.37) [7182afea8d1afd432a17c18162cc3fd441d0da93] +2.6.32-upstream-stable: released (2.6.32.28) +linux-2.6: released (2.6.32-30) +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch] +2.6.32-squeeze-security: released (2.6.32-30) diff --git a/retired/CVE-2010-4668 b/retired/CVE-2010-4668 new file mode 100644 index 00000000..1ef491c1 --- /dev/null +++ b/retired/CVE-2010-4668 @@ -0,0 +1,12 @@ +Candidate: CVE-2010-4668 +Description: +References: +Notes: + jmm> This ID is about the fact that the initial fix for CVE-2010-4163 + jmm> was incomplete +Bugs: +upstream: released (2.6.37) [5478755616ae2ef1ce144dded589b62b2a50d575] +2.6.32-upstream-stable: released (2.6.32.27) +linux-2.6: released (2.6.32-29) +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch] +2.6.32-squeeze-security: released (2.6.32.27) |