Debian updates; retire several issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1197 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 26 insertions, 0 deletions

diff --git a/retired/CVE-2007-4133 b/retired/CVE-2007-4133
new file mode 100644
index 00000000..e1c71246
--- /dev/null
+++ b/retired/CVE-2007-4133
@@ -0,0 +1,26 @@
+Candidate: CVE-2007-4133
+References: 
+ http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=856fc29505556cf263f3dcda2533cf3766c14ab6
+ https://bugzilla.redhat.com/show_bug.cgi?id=253926
+Description: 
+ The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
+ in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
+ certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
+ units, which allows local users to cause a denial of service (panic)
+ via unspecified vectors.
+Ubuntu-Description: 
+ Certain calculations in the hugetlb code were not correct.  A local
+ attacker could exploit this to cause a kernel panic, leading to a denial
+ of service.
+Notes: 
+ jmm> 2.4 doesn't contain hugetlbfs
+Bugs: 
+upstream: released (2.6.19)
+linux-2.6: released (2.6.20-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
+2.6.8-sarge-security: released (2.6.8-17sarge1) [hugetlb-prio_tree-unit-fix.dpatch]
+2.4.27-sarge-security: N/A
+2.6.15-dapper-security: released (2.6.15-29.61)
+2.6.17-edgy-security: released (2.6.17.1-12.42)
+2.6.20-feisty-security: N/A
+2.6.22-gutsy-security: N/A