[kernel-sec-discuss] r2136 - active retired

Wed Jan 12 19:46:05 UTC 2011

Author: jmm
Date: 2011-01-12 19:45:55 +0000 (Wed, 12 Jan 2011)
New Revision: 2136

Added:
   retired/CVE-2010-4160
   retired/CVE-2010-4161
   retired/CVE-2010-4175
Removed:
   active/CVE-2010-4160
   active/CVE-2010-4161
   active/CVE-2010-4175
Log:
retire issues


Deleted: active/CVE-2010-4160
===================================================================

--- active/CVE-2010-4160	2011-01-12 19:32:35 UTC (rev 2135)
+++ active/CVE-2010-4160	2011-01-12 19:45:55 UTC (rev 2136)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4160
-Description: L2TP send buffer allocation size overflows
-References:
-Notes:
- jmm> In earlier kernels the code resides in drivers/net/pppol2tp.c
- jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
-Bugs:
-upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
-2.6.32-upstream-stable: released (2.6.32.27) [3543e68e, f342cb14f]
-linux-2.6: released (2.6.32-27)
-2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-truncate-recvfrom-and-sendto-length-to-INT_MAX.patch, bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch]
-2.6.32-squeeze-security: released (2.6.32-27)

Deleted: active/CVE-2010-4161
===================================================================
--- active/CVE-2010-4161	2011-01-12 19:32:35 UTC (rev 2135)
+++ active/CVE-2010-4161	2011-01-12 19:45:55 UTC (rev 2136)
@@ -1,18 +0,0 @@
-Candidate: CVE-2010-4161
-Description:
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4161
-Notes:
- jmm> The referenced patch ended up in 2.6.26.6, which was
- jmm> pulled into the Lenny package. I find the statement in
- jmm> https://bugzilla.redhat.com/show_bug.cgi?id=652534#c4
- jmm> a bit confusing, why should RHEL6 have backported 
- jmm> fda9ef5d, the commit is from 2006?
- jmm> Marking 2.6.27 as fixed upstream, since it includes
- jmm> 93821778 
-Bugs:
-upstream: released (2.6.27)
-2.6.32-upstream-stable: N/A
-linux-2.6: released (2.6.28-1)
-2.6.26-lenny-security: N/A "already have rcu protection; reproducer fails"
-2.6.32-squeeze-security: N/A

Deleted: active/CVE-2010-4175
===================================================================
--- active/CVE-2010-4175	2011-01-12 19:32:35 UTC (rev 2135)
+++ active/CVE-2010-4175	2011-01-12 19:45:55 UTC (rev 2136)
@@ -1,11 +0,0 @@
-Candidate: CVE-2010-4175
-Description:
-References:
- http://marc.info/?l=linux-netdev&m=129001184803080&w=2
-Notes:
-Bugs:
-upstream: released (2.6.37-rc3) [218854af84038d828a32f061858b1902ed2beec6]
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]
-2.6.26-lenny-security: N/A "rds interface was introduced in 2.6.30"
-2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]

Copied: retired/CVE-2010-4160 (from rev 2133, active/CVE-2010-4160)
===================================================================
--- retired/CVE-2010-4160	                        (rev 0)
+++ retired/CVE-2010-4160	2011-01-12 19:45:55 UTC (rev 2136)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4160
+Description: L2TP send buffer allocation size overflows
+References:
+Notes:
+ jmm> In earlier kernels the code resides in drivers/net/pppol2tp.c
+ jmm> http://article.gmane.org/gmane.comp.security.oss.general/3775
+Bugs:
+upstream: released (2.6.37-rc1) [253eacc070b114c2ec1f81b067d2fed7305467b0 8acfe468b0384e834a303f08ebc4953d72fb690a]
+2.6.32-upstream-stable: released (2.6.32.27) [3543e68e, f342cb14f]
+linux-2.6: released (2.6.32-27)
+2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/net-truncate-recvfrom-and-sendto-length-to-INT_MAX.patch, bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch]
+2.6.32-squeeze-security: released (2.6.32-27)

Copied: retired/CVE-2010-4161 (from rev 2133, active/CVE-2010-4161)
===================================================================
--- retired/CVE-2010-4161	                        (rev 0)
+++ retired/CVE-2010-4161	2011-01-12 19:45:55 UTC (rev 2136)
@@ -0,0 +1,18 @@
+Candidate: CVE-2010-4161
+Description:
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4161
+Notes:
+ jmm> The referenced patch ended up in 2.6.26.6, which was
+ jmm> pulled into the Lenny package. I find the statement in
+ jmm> https://bugzilla.redhat.com/show_bug.cgi?id=652534#c4
+ jmm> a bit confusing, why should RHEL6 have backported 
+ jmm> fda9ef5d, the commit is from 2006?
+ jmm> Marking 2.6.27 as fixed upstream, since it includes
+ jmm> 93821778 
+Bugs:
+upstream: released (2.6.27)
+2.6.32-upstream-stable: N/A
+linux-2.6: released (2.6.28-1)
+2.6.26-lenny-security: N/A "already have rcu protection; reproducer fails"
+2.6.32-squeeze-security: N/A

Copied: retired/CVE-2010-4175 (from rev 2133, active/CVE-2010-4175)
===================================================================
--- retired/CVE-2010-4175	                        (rev 0)
+++ retired/CVE-2010-4175	2011-01-12 19:45:55 UTC (rev 2136)
@@ -0,0 +1,11 @@
+Candidate: CVE-2010-4175
+Description:
+References:
+ http://marc.info/?l=linux-netdev&m=129001184803080&w=2
+Notes:
+Bugs:
+upstream: released (2.6.37-rc3) [218854af84038d828a32f061858b1902ed2beec6]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]
+2.6.26-lenny-security: N/A "rds interface was introduced in 2.6.30"
+2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/rds-Integer-overflow-in-RDS-cmsg-handling.patch]


