[kernel-sec-discuss] r2178 - active retired

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Jan 30 11:29:48 UTC 2011


Author: jmm
Date: 2011-01-30 11:29:31 +0000 (Sun, 30 Jan 2011)
New Revision: 2178

Added:
   retired/CVE-2010-0435
   retired/CVE-2010-4162
   retired/CVE-2010-4163
   retired/CVE-2010-4242
   retired/CVE-2010-4258
   retired/CVE-2010-4346
   retired/CVE-2010-4526
   retired/CVE-2010-4527
   retired/CVE-2010-4649
   retired/CVE-2010-4668
Removed:
   active/CVE-2010-0435
   active/CVE-2010-4162
   active/CVE-2010-4163
   active/CVE-2010-4242
   active/CVE-2010-4258
   active/CVE-2010-4346
   active/CVE-2010-4526
   active/CVE-2010-4527
   active/CVE-2010-4649
   active/CVE-2010-4668
Log:
retire issues


Deleted: active/CVE-2010-0435
===================================================================
--- active/CVE-2010-0435	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-0435	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,15 +0,0 @@
-Candidate: CVE-2010-0435
-Description:
- kvm null ptr dereference
-References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
-Notes:
- jmm> RHEL patch commited as patches/CVE-2010-0435-kvm-kernel-fix-null-pointer-dereference.patch
- jmm> The kernel.org version is quite different, though. Maybe it's only exploitable in 
- jmm> combination with the plethora of KVM patches added by Red Hat?
-Bugs:
-upstream: released (2.6.34)
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch]
-2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Deleted: active/CVE-2010-4162
===================================================================
--- active/CVE-2010-4162	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4162	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,11 +0,0 @@
-Candidate: CVE-2010-4162
-Description: DoS in block layer
-References:
- http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=cb4644cac4a2797afc847e6c92736664d4b0ea34;hp=f3f63c1c28bc861a931fac283b5bc3585efb8967
-Notes:
-Bugs:
-upstream: released (2.6.37) [cb4644cac4a2797afc847e6c92736664d4b0ea34]
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch]
-2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Deleted: active/CVE-2010-4163
===================================================================
--- active/CVE-2010-4163	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4163	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4163
-Description:
-References:
- http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689
-Notes:
- Also needs https://patchwork.kernel.org/patch/363282/
-Bugs:
-upstream: released (2.6.37) [9284bcf4e335e5f18a8bc7b26461c33ab60d0689, 5478755616ae2ef1ce144dded589b62b2a50d575]
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-29) [debian/patches/bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch]
-2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Deleted: active/CVE-2010-4242
===================================================================
--- active/CVE-2010-4242	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4242	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4242
-Description: missing tty ops write function presence check in hci_uart_tty_open()
-References: 
- https://bugzilla.redhat.com/show_bug.cgi?id=641410
- http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773
-Notes:
-Bugs:
-upstream: released (2.6.37) [c19483cc5e56ac5e22dd19cf25ba210ab1537773]
-2.6.32-upstream-stable: released (2.6.36.26)
-linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch]
-2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]

Deleted: active/CVE-2010-4258
===================================================================
--- active/CVE-2010-4258	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4258	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4258
-Description: failure to revert address limit override in OOPS error path
-References:
- http://marc.info/?l=linux-kernel&m=129117048916957&w=2
-Notes:
- exploit released -> high urgency: http://seclists.org/fulldisclosure/2010/Dec/85
-Bugs:
-upstream: released (2.6.37-rc4) [33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177]
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch]
-2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Deleted: active/CVE-2010-4346
===================================================================
--- active/CVE-2010-4346	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4346	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4346
-Description:
-References:
- https://lkml.org/lkml/2010/12/9/222
- https://bugzilla.redhat.com/show_bug.cgi?id=662189
-Notes:
-Bugs:
-upstream: released (2.6.37) [462e635e5b73ba9a4c03913b77138cd57ce4b050]
-2.6.32-upstream-stable: released (2.6.32.28)
-linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch]
-2.6.32-squeeze-security: released (2.6.32-30)

Deleted: active/CVE-2010-4526
===================================================================
--- active/CVE-2010-4526	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4526	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,10 +0,0 @@
-Candidate: CVE-2010-4526
-Description: sctp: a race between ICMP protocol unreachable and connect()
-References:
-Notes:
-Bugs:
-upstream: released (2.6.34) [50b5d6ad63821cea324a5a7a19854d4de1a0a819]
-2.6.32-upstream-stable: released (2.6.32.28)
-linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526]
-2.6.32-squeeze-security: released (2.6.32-30)

Deleted: active/CVE-2010-4527
===================================================================
--- active/CVE-2010-4527	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4527	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,10 +0,0 @@
-Candidate: CVE-2010-4527
-Description: buffer overflow in OSS load_mixer_volumes
-References: 
-Notes:
-Bugs:
-upstream: released (2.6.37) [d81a12bc29ae4038770e05dce4ab7f26fd5880fb]
-2.6.32-upstream-stable: released (2.6.32.28)
-linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch]
-2.6.32-squeeze-security: released (2.6.32-30)

Deleted: active/CVE-2010-4649
===================================================================
--- active/CVE-2010-4649	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4649	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,10 +0,0 @@
-Candidate: CVE-2010-4649
-Description: IB/uverbs: Handle large number of entries in poll CQ
-References:
-Notes:
-Bugs:
-upstream: released (2.6.37) [7182afea8d1afd432a17c18162cc3fd441d0da93]
-2.6.32-upstream-stable: released (2.6.32.28)
-linux-2.6: released (2.6.32-30)
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch]
-2.6.32-squeeze-security: released (2.6.32-30)

Deleted: active/CVE-2010-4668
===================================================================
--- active/CVE-2010-4668	2011-01-30 11:26:46 UTC (rev 2177)
+++ active/CVE-2010-4668	2011-01-30 11:29:31 UTC (rev 2178)
@@ -1,12 +0,0 @@
-Candidate: CVE-2010-4668
-Description:
-References:
-Notes:
- jmm> This ID is about the fact that the initial fix for CVE-2010-4163
- jmm> was incomplete
-Bugs:
-upstream: released (2.6.37) [5478755616ae2ef1ce144dded589b62b2a50d575]
-2.6.32-upstream-stable: released (2.6.32.27)
-linux-2.6: released (2.6.32-29)
-2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch]
-2.6.32-squeeze-security: released (2.6.32.27)

Copied: retired/CVE-2010-0435 (from rev 2177, active/CVE-2010-0435)
===================================================================
--- retired/CVE-2010-0435	                        (rev 0)
+++ retired/CVE-2010-0435	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,15 @@
+Candidate: CVE-2010-0435
+Description:
+ kvm null ptr dereference
+References:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
+Notes:
+ jmm> RHEL patch commited as patches/CVE-2010-0435-kvm-kernel-fix-null-pointer-dereference.patch
+ jmm> The kernel.org version is quite different, though. Maybe it's only exploitable in 
+ jmm> combination with the plethora of KVM patches added by Red Hat?
+Bugs:
+upstream: released (2.6.34)
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/x86/kvm-vmx-fix-vmx-null-pointer-dereference-on-debug-register-access.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
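
Review bot: The `upstream:` line gives only the version (2.6.34) with no commit id in brackets, unlike the other nine entries in this revision, and the Notes block is retired with the question about exploitability outside the Red Hat KVM patch set still open. Add the upstream commit id and either answer the question or state that it was left unresolved, so the retired file can be read on its own. "commited" in the first note line could be corrected to "committed" in the same pass.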

Copied: retired/CVE-2010-4162 (from rev 2177, active/CVE-2010-4162)
===================================================================
--- retired/CVE-2010-4162	                        (rev 0)
+++ retired/CVE-2010-4162	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,11 @@
+Candidate: CVE-2010-4162
+Description: DoS in block layer
+References:
+ http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commitdiff;h=cb4644cac4a2797afc847e6c92736664d4b0ea34;hp=f3f63c1c28bc861a931fac283b5bc3585efb8967
+Notes:
+Bugs:
+upstream: released (2.6.37) [cb4644cac4a2797afc847e6c92736664d4b0ea34]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bio-take-care-not-overflow-page-count-when-mapping-copying-user-data.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Copied: retired/CVE-2010-4163 (from rev 2177, active/CVE-2010-4163)
===================================================================
--- retired/CVE-2010-4163	                        (rev 0)
+++ retired/CVE-2010-4163	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4163
+Description:
+References:
+ http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689
+Notes:
+ Also needs https://patchwork.kernel.org/patch/363282/
+Bugs:
+upstream: released (2.6.37) [9284bcf4e335e5f18a8bc7b26461c33ab60d0689, 5478755616ae2ef1ce144dded589b62b2a50d575]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [debian/patches/bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-in-blk_rq_map_user_iov.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
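
Review bot: `Description:` is empty in an entry that is being retired; the lenny patch name on the `2.6.26-lenny-security:` line (proper length check of iov entries in blk_rq_map_user_iov) already contains enough for a one-line summary. The `linux-2.6:` line also writes the patch path with a `debian/patches/` prefix, while the squeeze line directly below and the other entries use `bugfix/all/stable/2.6.32.27.patch`; use one form. The second upstream commit, 5478755616ae2ef1ce144dded589b62b2a50d575, is the same id listed under CVE-2010-4668, so a cross-reference to that entry in Notes would make the relation explicit.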

Copied: retired/CVE-2010-4242 (from rev 2177, active/CVE-2010-4242)
===================================================================
--- retired/CVE-2010-4242	                        (rev 0)
+++ retired/CVE-2010-4242	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4242
+Description: missing tty ops write function presence check in hci_uart_tty_open()
+References: 
+ https://bugzilla.redhat.com/show_bug.cgi?id=641410
+ http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773
+Notes:
+Bugs:
+upstream: released (2.6.37) [c19483cc5e56ac5e22dd19cf25ba210ab1537773]
+2.6.32-upstream-stable: released (2.6.36.26)
+linux-2.6: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/bluetooth-fix-missing-NULL-check.patch]
+2.6.32-squeeze-security: released (2.6.32-28) [bugfix/all/stable/2.6.32.26.patch]
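
Review bot: The `2.6.32-upstream-stable:` line reads `released (2.6.36.26)`, which is not a 2.6.32.y version and disagrees with the `bugfix/all/stable/2.6.32.26.patch` reference on the two lines below it. This looks like a typo for 2.6.32.26 that is being carried from active/ into retired/ unchanged; correct it before or with the move.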

Copied: retired/CVE-2010-4258 (from rev 2177, active/CVE-2010-4258)
===================================================================
--- retired/CVE-2010-4258	                        (rev 0)
+++ retired/CVE-2010-4258	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4258
+Description: failure to revert address limit override in OOPS error path
+References:
+ http://marc.info/?l=linux-kernel&m=129117048916957&w=2
+Notes:
+ exploit released -> high urgency: http://seclists.org/fulldisclosure/2010/Dec/85
+Bugs:
+upstream: released (2.6.37-rc4) [33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch]
+2.6.32-squeeze-security: released (2.6.32-29) [bugfix/all/stable/2.6.32.27.patch]

Copied: retired/CVE-2010-4346 (from rev 2177, active/CVE-2010-4346)
===================================================================
--- retired/CVE-2010-4346	                        (rev 0)
+++ retired/CVE-2010-4346	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4346
+Description:
+References:
+ https://lkml.org/lkml/2010/12/9/222
+ https://bugzilla.redhat.com/show_bug.cgi?id=662189
+Notes:
+Bugs:
+upstream: released (2.6.37) [462e635e5b73ba9a4c03913b77138cd57ce4b050]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/install_special_mapping-skips-security_file_mmap_check.patch]
+2.6.32-squeeze-security: released (2.6.32-30)
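
Review bot: `Description:` is empty, so the retired entry does not say what the issue is without following the two reference links. The lenny patch name on the `2.6.26-lenny-security:` line (install_special_mapping skips the security_file_mmap check) would serve as a description; copy it up before retiring.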

Copied: retired/CVE-2010-4526 (from rev 2177, active/CVE-2010-4526)
===================================================================
--- retired/CVE-2010-4526	                        (rev 0)
+++ retired/CVE-2010-4526	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4526
+Description: sctp: a race between ICMP protocol unreachable and connect()
+References:
+Notes:
+Bugs:
+upstream: released (2.6.34) [50b5d6ad63821cea324a5a7a19854d4de1a0a819]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4526]
+2.6.32-squeeze-security: released (2.6.32-30)
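
Review bot: The patch reference on the `2.6.26-lenny-security:` line is `[bugfix/all/CVE-2010-4526]` with no `.patch` suffix, whereas the neighbouring entry uses `[bugfix/all/CVE-2010-4527.patch]`; check the file name in the lenny tree and make the reference match it. `References:` is also empty; a link built from the upstream commit id already on the `upstream:` line would fill it.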

Copied: retired/CVE-2010-4527 (from rev 2177, active/CVE-2010-4527)
===================================================================
--- retired/CVE-2010-4527	                        (rev 0)
+++ retired/CVE-2010-4527	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4527
+Description: buffer overflow in OSS load_mixer_volumes
+References: 
+Notes:
+Bugs:
+upstream: released (2.6.37) [d81a12bc29ae4038770e05dce4ab7f26fd5880fb]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/CVE-2010-4527.patch]
+2.6.32-squeeze-security: released (2.6.32-30)

Copied: retired/CVE-2010-4649 (from rev 2177, active/CVE-2010-4649)
===================================================================
--- retired/CVE-2010-4649	                        (rev 0)
+++ retired/CVE-2010-4649	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,10 @@
+Candidate: CVE-2010-4649
+Description: IB/uverbs: Handle large number of entries in poll CQ
+References:
+Notes:
+Bugs:
+upstream: released (2.6.37) [7182afea8d1afd432a17c18162cc3fd441d0da93]
+2.6.32-upstream-stable: released (2.6.32.28)
+linux-2.6: released (2.6.32-30)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/ib-uverbs-handle-large-number-of-entries-in-poll-CQ.patch]
+2.6.32-squeeze-security: released (2.6.32-30)

Copied: retired/CVE-2010-4668 (from rev 2177, active/CVE-2010-4668)
===================================================================
--- retired/CVE-2010-4668	                        (rev 0)
+++ retired/CVE-2010-4668	2011-01-30 11:29:31 UTC (rev 2178)
@@ -0,0 +1,12 @@
+Candidate: CVE-2010-4668
+Description:
+References:
+Notes:
+ jmm> This ID is about the fact that the initial fix for CVE-2010-4163
+ jmm> was incomplete
+Bugs:
+upstream: released (2.6.37) [5478755616ae2ef1ce144dded589b62b2a50d575]
+2.6.32-upstream-stable: released (2.6.32.27)
+linux-2.6: released (2.6.32-29)
+2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/block-check-for-proper-length-of-iov-entries-earlier-in-blk_rq_map_user_iov.patch]
+2.6.32-squeeze-security: released (2.6.32.27)
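
Review bot: The `2.6.32-squeeze-security:` line reads `released (2.6.32.27)`, an upstream stable version, where every other entry in this revision records a Debian package version in that field and the `linux-2.6:` line of this same entry says 2.6.32-29. It should most likely read `released (2.6.32-29)`, with the `[bugfix/all/stable/2.6.32.27.patch]` reference used in the CVE-2010-4163 entry. `Description:` is empty as well; the two jmm note lines could be condensed into it.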



