Moritz Muehlenhoff
2005-May-19 13:01 UTC
[Secure-testing-commits] r1101 - sarge-checks/CAN
Author: jmm-guest Date: 2005-05-19 13:01:43 +0000 (Thu, 19 May 2005) New Revision: 1101 Modified: sarge-checks/CAN/list Log: Incorporate all info from the fixed 2.6.8-16 kernel upload. We''ll have to check back for the 15sarge kernels. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-19 12:51:25 UTC (rev 1100) +++ sarge-checks/CAN/list 2005-05-19 13:01:43 UTC (rev 1101) @@ -1388,7 +1388,7 @@ NOTE: not-for-us (HP OpenView) CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) NOTE: does not affect 2.4.27 per horms - - kernel-source-2.6.8 (unfixed; fix in svn; bug #307552) + - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.6.11 (unfixed; fix in svn; bug #307552) CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) NOTE: does not affect 2.6.8, 2.4.27 per horms @@ -1617,6 +1617,7 @@ NOTE: reserved CAN-2005-1264 [Local privilege escalation in the Linux kernel''s raw ioctl] - kernel-source-2.6.8 2.6.8-15sarge1 + - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.6.11 2.6.11-5 CAN-2005-1263 [Linux kernel ELF core dump privilege escalation] - kernel-source-2.6.11 2.6.11 2.6.11-4 @@ -2242,7 +2243,7 @@ - php4 4.3.10-10 CAN-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...) - kernel-source-2.6.11 2.6.11-1 - - kernel-source-2.6.8 (unfixed; fix in svn; bug #304548) + - kernel-source-2.6.8 2.6.8-16 NOTE: does not affect 2.4.27 per horms CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) TODO: check whether Debian''s netapplet is vulnerable or whether this is SuSE 
@@ -2525,7 +2526,7 @@ CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...) NOTE: not-for-us (EncapsBB not in Debian) CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...) - - kernel-source-2.6.8-16 + - kernel-source-2.6.8 2.6.8-16 NOTE: 2.4 doesn''t seem to be vulnerable CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...) NOTE: not-for-us (Webmasters-Debutants WD Guestbook) @@ -2883,7 +2884,7 @@ NOTE: not-for-us (Solaris) CAN-2005-0815 (Multiple "range checking flaws" in the ISO9660 filesystem handler in ...) - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.4.27-10 + - kernel-source-2.4.27 2.4.27-10 CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...) {DSA-717-1} - lsh-utils 2.0.1-1 @@ -3018,7 +3019,7 @@ - kernel-source-2.6.8 2.6.8-16 CAN-2005-0749 [Linux kernel DoS vulnerability in elf_load_library()] - kernel-source-2.6.8 2.6.8-16 - - kernel-source-2.4.27-10 + - kernel-source-2.4.27 2.4.27-10 CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...) NOTE: not-for-us (ActiveCampaign KnowledgeBuilder) CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...) 
@@ -6164,14 +6165,9 @@ CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOTE: not-for-us (Citadel/UX) CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...) - NOTE: joshk says he doesn''t understand this one - NOTE: 2.4.27 is ok, 2.6.8 is vulnerable, 2.6.10 is ok - NOTE: http://xforce.iss.net/xforce/xfdb/18137 - NOTE: 2.6.8 needs this patch: http://linux.bkbits.net:8080/linux-2.6/patch@1.1938.197.15?nav=cset@1.1938.197.15 - NOTE: was bug #300163 - NOTE: turns out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed - kernel-source-2.6.8 2.6.8-16 - kernel-source-2.4.27 2.4.27-6 + NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-6 CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...) NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c NOTE: has a misleading entry titled "Fix exploitable hole" @@ -7126,8 +7122,8 @@ NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur NOTE: Kernel will never abort due to an ICMP packet CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...) - - kernel-source-2.6.8-16 - - kernel-source-2.4.27-10 + - kernel-source-2.6.8 2.6.8-16 + - kernel-source-2.4.27 2.4.27-10 CAN-2004-0789 NOTE: reserved CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
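Review bot: In the @@ -1617,6 +1617,7 @@ hunk, CAN-2005-1264 ends up with two fixed-version lines for kernel-source-2.6.8 (the existing 2.6.8-15sarge1 and the added 2.6.8-16), and nothing in the entry says how the two relate. The log message says the 15sarge kernels still have to be checked, so a NOTE or TODO line under this entry would keep that open question next to the data instead of only in the commit log.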
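Review bot: In the @@ -2525,7 +2526,7 @@ hunk, the CAN-2005-0916 description names Linux kernel 2.6.11, yet after the change the entry still tracks only kernel-source-2.6.8. Other kernel entries in this patch carry a kernel-source-2.6.11 line; either add one here or add a NOTE saying why 2.6.11 does not need tracking for this issue.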
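Review bot: In the @@ -2883,7 +2884,7 @@ hunk, the kernel-source-2.4.27 line is a format correction (package name and version were fused as kernel-source-2.4.27-10), which the log message does not mention; it only describes incorporating data from the 2.6.8-16 upload. The same applies to the @@ -3018,7 +3019,7 @@ and @@ -7126,8 +7122,8 @@ hunks. Mention the syntax fixes in the log or commit them separately, so that a later reader does not take these lines as new fix information.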
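Review bot: In the @@ -6164,14 +6165,9 @@ hunk, the rewritten CAN-2004-1191 entry drops the "was bug #300163" reference and the URL of the patch that 2.6.8 needed, leaving only the remark about 2.6.8-14. Keeping one NOTE with the bug number would preserve the trail for the incomplete fix, and the added NOTE line still carries the typo "incompletly", which could be corrected while the line is being rewritten.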