From cffb363c568e15bb95549d0c5746068cca9c94bf Mon Sep 17 00:00:00 2001
From: dann frazier <dannf@debian.org>
Date: Sun, 20 Jul 2008 21:58:00 +0000
Subject: Debian updates; retire several issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1197 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2007-6694 | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 retired/CVE-2007-6694

(limited to 'retired/CVE-2007-6694')

diff --git a/retired/CVE-2007-6694 b/retired/CVE-2007-6694
new file mode 100644
index 00000000..15e09d05
--- /dev/null
+++ b/retired/CVE-2007-6694
@@ -0,0 +1,28 @@
+Candidate: CVE-2007-6694
+Description: 
+ The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21
+ through 2.6.18-53, when running on PowerPC, might allow local users
+ to cause a denial of service (crash) via unknown vectors that cause
+ the of_get_property function to fail, which triggers a NULL pointer
+ dereference. 
+References: 
+ http://marc.info/?l=linux-kernel&m=119576191029571&w=2
+Ubuntu-Description: 
+ It was discovered that PowerPC kernels did not correctly handle reporting
+ certain system details.  By requesting a specific set of information,
+ a local attacker could cause a system crash resulting in a denial
+ of service.
+Notes: 
+ jmm> This appears more of a regular bug with a specific piece of hw
+ jmm> than a security problem. Do we support the chrp POWER platform?
+Bugs: 
+upstream: 
+linux-2.6: 
+2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
+2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
+2.6.15-dapper-security: released (2.6.15-52.67)
+2.6.17-edgy-security: ignored (EOL)
+2.6.20-feisty-security: released (2.6.20-17.36)
+2.6.22-gutsy-security: released (2.6.22-15.54)
+2.6.24-hardy-security: released (2.6.24-19.34)
-- 
cgit v1.2.3