From f011f50cc5b65699b9e55c7e54ab9d7050adf932 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 17 Aug 2006 04:01:21 +0000 Subject: retire a few issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@555 e094ebfe-e918-0410-adfb-c712417f3574 --- active/CVE-2004-0997 | 25 ------------------------- active/CVE-2004-1074 | 39 --------------------------------------- active/CVE-2005-0124 | 22 ---------------------- active/CVE-2005-0179 | 20 -------------------- active/CVE-2005-0489 | 22 ---------------------- active/CVE-2006-0454 | 17 ----------------- retired/CVE-2004-0997 | 25 +++++++++++++++++++++++++ retired/CVE-2004-1074 | 39 +++++++++++++++++++++++++++++++++++++++ retired/CVE-2005-0124 | 22 ++++++++++++++++++++++ retired/CVE-2005-0179 | 20 ++++++++++++++++++++ retired/CVE-2005-0489 | 22 ++++++++++++++++++++++ retired/CVE-2006-0454 | 17 +++++++++++++++++ 12 files changed, 145 insertions(+), 145 deletions(-) delete mode 100644 active/CVE-2004-0997 delete mode 100644 active/CVE-2004-1074 delete mode 100644 active/CVE-2005-0124 delete mode 100644 active/CVE-2005-0179 delete mode 100644 active/CVE-2005-0489 delete mode 100644 active/CVE-2006-0454 create mode 100644 retired/CVE-2004-0997 create mode 100644 retired/CVE-2004-1074 create mode 100644 retired/CVE-2005-0124 create mode 100644 retired/CVE-2005-0179 create mode 100644 retired/CVE-2005-0489 create mode 100644 retired/CVE-2006-0454 diff --git a/active/CVE-2004-0997 b/active/CVE-2004-0997 deleted file mode 100644 index 219a27c37..000000000 --- a/active/CVE-2004-0997 +++ /dev/null 
@@ -1,25 +0,0 @@ -Candidate: CVE-2004-0997 -References: -Description: -Notes: - Still marked **RESERVED** - this is from the kernel-source-2.4.19 changelog: - * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS - ptrace implementation [arch/mips/kernel/scall_o32.S, - arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S, - arch/mips64/kernel/scall_o32.S, CAN-2004-0997] - ths: do you know if CVE-2004-0997 is fixed in 2.6? code is very - different from the 2.4.19 patch i have - dannf: Fixed long ago. -Bugs: -upstream: released -linux-2.6.16: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: ignored (2.4.27-10sarge3) -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/active/CVE-2004-1074 b/active/CVE-2004-1074 deleted file mode 100644 index 028b1dfe7..000000000 --- a/active/CVE-2004-1074 +++ /dev/null 
@@ -1,39 +0,0 @@ -Candidate: CVE-2004-1074 -References: - MLIST:[linux-kernel] 20041111 a.out issue - URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=110021173607372&w=2 - CONECTIVA:CLA-2005:930 - URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - FEDORA:FLSA:2336 - URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 - MANDRAKE:MDKSA-2005:022 - URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 - TRUSTIX:2005-0001 - URL:http://www.trustix.org/errata/2005/0001/ - BUGTRAQ:20041216 [USN-39-1] Linux amd64 kernel vulnerability - URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110322596918807&w=2 - XF:linux-aout-binary-dos(18290) - URL:http://xforce.iss.net/xforce/xfdb/18290 -Description: - The binfmt functionality in the Linux kernel, when "memory overcommit" is - enabled, allows local users to cause a denial of service (kernel oops) via a - malformed a.out binary. -Notes: - From Joey's 2.4.18-14.4 changelog: - * Applied patch by Chris Wright to not insert overlapping regions in - setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074] - * Applied patch by Chris Wright to fix error handling in do_brk() when - setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074] -Bugs: -upstream: released (2.6.10) -linux-2.6.16: N/A -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch] -2.4.27-sarge-security: released (2.4.27-7) [114-binfmt_aout-CVE-2004-1074.diff] -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/active/CVE-2005-0124 b/active/CVE-2005-0124 deleted file mode 100644 index 20ee77c94..000000000 --- a/active/CVE-2005-0124 +++ /dev/null 
@@ -1,22 +0,0 @@ -Candidate: CVE-2005-0124 -References: - MLIST:[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel - URL:http://seclists.org/lists/linux-kernel/2004/Dec/3914.html - MLIST:[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel - URL:http://seclists.org/lists/linux-kernel/2005/Jan/1089.html - MLIST:[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel - URL:http://seclists.org/lists/linux-kernel/2005/Jan/2018.html - MLIST:[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel - URL:http://seclists.org/lists/linux-kernel/2005/Jan/2020.html -Description: - The coda_pioctl function in the coda functionality (pioctl.c) for Linux - kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial - of service (crash) or execute arbitrary code via negative vi.in_size or - vi.out_size values, which may trigger a buffer overflow. -Notes: -Bugs: -upstream: released (2.6.11) -linux-2.6.16: N/A -linux-2.6: N/A -2.6.8-sarge-security: released (2.6.8-16sarge2) [fs_coda_coverty.dpatch] -2.4.27-sarge-security: released (2.4.27-8) diff --git a/active/CVE-2005-0179 b/active/CVE-2005-0179 deleted file mode 100644 index 323bf2c78..000000000 --- a/active/CVE-2005-0179 +++ /dev/null 
@@ -1,20 +0,0 @@ -Candidate: CVE-2005-0179 -References: - http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html - http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 - http://www.redhat.com/support/errata/RHSA-2005-092.html -Description: - Linux kernel 2.4.x and 2.6.x allows local users to cause a denial - of service (CPU and memory consumption) and bypass RLIM_MEMLOCK - limits via the mlockall call. -Notes: - jmm> The vulnerable code was only introduced in 2.6.9 - dannf> I believe this is fixed in: - http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c - dannf> and since that was in 2.6.11, i'll mark upstream as such -Bugs: -upstream: released (2.6.11) -linux-2.6.16: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A diff --git a/active/CVE-2005-0489 b/active/CVE-2005-0489 deleted file mode 100644 index 3732e13bd..000000000 --- a/active/CVE-2005-0489 +++ /dev/null @@ -1,22 +0,0 @@ -Candidate: CVE-2005-0489 -References: -Description: - Applied patch by Marcelo Tosatti to fix - potential memory access to free memory in /proc handling -Notes: - still marked **RESERVED** - But it looks like Joey used this patch for his kernel-source-2.4.18 update: - http://linux.bkbits.net:8080/linux-2.4/cset@1.1359.1.22?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c -Bugs: -upstream: released (2.4.27-pre1) -linux-2.6.16: N/A -linux-2.6: N/A -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A -2.4.19-woody-security: released (2.4.19-4.woody3) -2.4.18-woody-security: released (2.4.18-14.4) -2.4.17-woody-security: released (2.4.17-1woody4) -2.4.16-woody-security: released (2.4.16-1woody3) -2.4.17-woody-security-hppa: released (32.5) -2.4.17-woody-security-ia64: released (011226.18) -2.4.18-woody-security-hppa: released (62.4) diff --git a/active/CVE-2006-0454 b/active/CVE-2006-0454 deleted file mode 100644 index e6dd533ff..000000000 
--- a/active/CVE-2006-0454 +++ /dev/null @@ -1,17 +0,0 @@ -Candidate: CVE-2006-0454 -References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa60cf7f64a00c16e95717e8dccdb128877e342a -Description: Fix extra dst release when ip_options_echo fails - When two ip_route_output_key lookups in icmp_send were combined I - forgot to change the error path for ip_options_echo to not drop the - dst reference since it now sits before the dst lookup. To fix it we - simply jump past the ip_rt_put call. -Notes: - horms> appears to have been added by the following patch which was - horms> included in 2.6.12 - horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c7ec2528b5776bd64a7c1240879087198e57da9 -Bugs: -upstream: released (2.6.15.3) -linux-2.6.16: N/A -linux-2.6: released (2.6.16-5) [2.6.15.3.patch] -2.6.8-sarge-security: N/A -2.4.27-sarge-security: N/A diff --git a/retired/CVE-2004-0997 b/retired/CVE-2004-0997 new file mode 100644 index 000000000..219a27c37 --- /dev/null +++ b/retired/CVE-2004-0997 
@@ -0,0 +1,25 @@ +Candidate: CVE-2004-0997 +References: +Description: +Notes: + Still marked **RESERVED** - this is from the kernel-source-2.4.19 changelog: + * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS + ptrace implementation [arch/mips/kernel/scall_o32.S, + arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S, + arch/mips64/kernel/scall_o32.S, CAN-2004-0997] + ths: do you know if CVE-2004-0997 is fixed in 2.6? code is very + different from the 2.4.19 patch i have + dannf: Fixed long ago. +Bugs: +upstream: released +linux-2.6.16: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: ignored (2.4.27-10sarge3) +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2004-1074 b/retired/CVE-2004-1074 new file mode 100644 index 000000000..028b1dfe7 --- /dev/null +++ b/retired/CVE-2004-1074 
@@ -0,0 +1,39 @@ +Candidate: CVE-2004-1074 +References: + MLIST:[linux-kernel] 20041111 a.out issue + URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=110021173607372&w=2 + CONECTIVA:CLA-2005:930 + URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + FEDORA:FLSA:2336 + URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336 + MANDRAKE:MDKSA-2005:022 + URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022 + TRUSTIX:2005-0001 + URL:http://www.trustix.org/errata/2005/0001/ + BUGTRAQ:20041216 [USN-39-1] Linux amd64 kernel vulnerability + URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110322596918807&w=2 + XF:linux-aout-binary-dos(18290) + URL:http://xforce.iss.net/xforce/xfdb/18290 +Description: + The binfmt functionality in the Linux kernel, when "memory overcommit" is + enabled, allows local users to cause a denial of service (kernel oops) via a + malformed a.out binary. +Notes: + From Joey's 2.4.18-14.4 changelog: + * Applied patch by Chris Wright to not insert overlapping regions in + setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074] + * Applied patch by Chris Wright to fix error handling in do_brk() when + setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074] +Bugs: +upstream: released (2.6.10) +linux-2.6.16: N/A +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-11) [binfmt-huge-vma-dos.dpatch, binfmt-huge-vma-dos2.dpatch] +2.4.27-sarge-security: released (2.4.27-7) [114-binfmt_aout-CVE-2004-1074.diff] +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2005-0124 b/retired/CVE-2005-0124 new file mode 100644 index 000000000..20ee77c94 --- /dev/null +++ b/retired/CVE-2005-0124 
@@ -0,0 +1,22 @@ +Candidate: CVE-2005-0124 +References: + MLIST:[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel + URL:http://seclists.org/lists/linux-kernel/2004/Dec/3914.html + MLIST:[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel + URL:http://seclists.org/lists/linux-kernel/2005/Jan/1089.html + MLIST:[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel + URL:http://seclists.org/lists/linux-kernel/2005/Jan/2018.html + MLIST:[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel + URL:http://seclists.org/lists/linux-kernel/2005/Jan/2020.html +Description: + The coda_pioctl function in the coda functionality (pioctl.c) for Linux + kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial + of service (crash) or execute arbitrary code via negative vi.in_size or + vi.out_size values, which may trigger a buffer overflow. +Notes: +Bugs: +upstream: released (2.6.11) +linux-2.6.16: N/A +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16sarge2) [fs_coda_coverty.dpatch] +2.4.27-sarge-security: released (2.4.27-8) diff --git a/retired/CVE-2005-0179 b/retired/CVE-2005-0179 new file mode 100644 index 000000000..323bf2c78 --- /dev/null +++ b/retired/CVE-2005-0179 
@@ -0,0 +1,20 @@ +Candidate: CVE-2005-0179 +References: + http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html + http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 + http://www.redhat.com/support/errata/RHSA-2005-092.html +Description: + Linux kernel 2.4.x and 2.6.x allows local users to cause a denial + of service (CPU and memory consumption) and bypass RLIM_MEMLOCK + limits via the mlockall call. +Notes: + jmm> The vulnerable code was only introduced in 2.6.9 + dannf> I believe this is fixed in: + http://linux.bkbits.net:8080/linux-2.6/cset@41e2d63eQyYc3q3MPkKLhEktFoqfUw?nav=index.html|src/|src/mm|related/mm/mmap.c + dannf> and since that was in 2.6.11, i'll mark upstream as such +Bugs: +upstream: released (2.6.11) +linux-2.6.16: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A diff --git a/retired/CVE-2005-0489 b/retired/CVE-2005-0489 new file mode 100644 index 000000000..3732e13bd --- /dev/null +++ b/retired/CVE-2005-0489 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-0489 +References: +Description: + Applied patch by Marcelo Tosatti to fix + potential memory access to free memory in /proc handling +Notes: + still marked **RESERVED** + But it looks like Joey used this patch for his kernel-source-2.4.18 update: + http://linux.bkbits.net:8080/linux-2.4/cset@1.1359.1.22?nav=index.html|src/|src/fs|src/fs/proc|related/fs/proc/base.c +Bugs: +upstream: released (2.4.27-pre1) +linux-2.6.16: N/A +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: released (2.4.19-4.woody3) +2.4.18-woody-security: released (2.4.18-14.4) +2.4.17-woody-security: released (2.4.17-1woody4) +2.4.16-woody-security: released (2.4.16-1woody3) +2.4.17-woody-security-hppa: released (32.5) +2.4.17-woody-security-ia64: released (011226.18) +2.4.18-woody-security-hppa: released (62.4) diff --git a/retired/CVE-2006-0454 b/retired/CVE-2006-0454 new file mode 100644 index 000000000..e6dd533ff 
--- /dev/null +++ b/retired/CVE-2006-0454 @@ -0,0 +1,17 @@ +Candidate: CVE-2006-0454 +References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa60cf7f64a00c16e95717e8dccdb128877e342a +Description: Fix extra dst release when ip_options_echo fails + When two ip_route_output_key lookups in icmp_send were combined I + forgot to change the error path for ip_options_echo to not drop the + dst reference since it now sits before the dst lookup. To fix it we + simply jump past the ip_rt_put call. +Notes: + horms> appears to have been added by the following patch which was + horms> included in 2.6.12 + horms> http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c7ec2528b5776bd64a7c1240879087198e57da9 +Bugs: +upstream: released (2.6.15.3) +linux-2.6.16: N/A +linux-2.6: released (2.6.16-5) [2.6.15.3.patch] +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A -- cgit v1.2.3
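Review bot: retired/CVE-2004-0997 is retired with `2.4.27-sarge-security: ignored (2.4.27-10sarge3)`, and nothing in Notes says why that branch was ignored rather than fixed or marked N/A. The only status comment, "dannf: Fixed long ago.", answers the question about 2.6. Suggest adding a one-line reason for the ignored state, plus a version on `upstream: released` as the other entries in this commit carry, so the file is self-explanatory once it leaves active/. References and Description are also still empty.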
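Review bot: retired/CVE-2005-0124 has an empty Notes field, and the 2.4.27-sarge-security line gives a version (2.4.27-8) with no patch name, while the 2.6.8 line names `fs_coda_coverty.dpatch`. Suggest naming the 2.4.27 patch as well, and checking that "coverty" matches the file name actually shipped in the package, since the references spell the tool "Coverity".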
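Review bot: in retired/CVE-2005-0179 the Description says "Linux kernel 2.4.x and 2.6.x" are affected, yet 2.6.8-sarge-security and 2.4.27-sarge-security are both N/A, which rests only on jmm's note that the vulnerable code was introduced in 2.6.9. The upstream fix is also recorded as "I believe this is fixed in". Suggest confirming the changeset before retiring and adding a Notes line that ties the N/A entries to the 2.6.9 introduction, so the mismatch with the Description is explained for later readers.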
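Review bot: retired/CVE-2005-0489 uses the Description field for a changelog line ("Applied patch by Marcelo Tosatti to fix potential memory access to free memory in /proc handling") instead of a statement of the flaw, and References is empty although Notes holds the bkbits changeset URL for fs/proc/base.c. Suggest moving that URL into References and rewording the Description to say what was wrong. The "still marked **RESERVED**" note is worth re-checking at retirement time too.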
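Review bot: retired/CVE-2006-0454 carries the upstream commit message as its Description ("Fix extra dst release when ip_options_echo fails ..."), which explains the fix but not the impact or who can trigger it. Suggest adding a sentence on impact before the entry is archived. As a style point, References and Description start on the same line as their keys here, unlike the other files in this commit, where the value begins on the following indented line.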