Author: micah Date: 2005-02-19 18:10:59 +0100 (Sat, 19 Feb 2005) New Revision: 451 Modified: sarge-checks/CAN/list Log: Resolved a few of the new kernel CANs Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-19 11:38:01 UTC (rev 450) +++ sarge-checks/CAN/list 2005-02-19 17:10:59 UTC (rev 451) @@ -998,13 +998,22 @@ - kernel-source-2.6.10 2.6.10-4 CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 has ...) NOTE: see USN-82-1 - NOTE: micah checking with kernel team + NOTE: <joshk> i don''t know anything about the tty layer...but i can tell that this is just trying to prevent a possible race + NOTE: <joshk> i''m going to have to run this by alan cox + TODO: Re-check with kernel team later about 2.4.27 + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-6 CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...) + NOTE: According to joshk, doesn''t apply to 2.4.27 NOTE: see USN-82-1 - NOTE: micah checking with kernel team + - kernel-source-2.6.8 2.6.8-14 + - kernel-source-2.6.9 2.6.9-6 + - kernel-source-2.6.10 2.6.10-6 CAN-2005-0176 (The shmctl function in Linux before 2.6.8.1 allows local users to ...) NOTE: see USN-82-1 - NOTE: micah checking with kernel team + NOTE: only affects 2.6.9 + - kernel-source-2.6.9 2.6.9-6 CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...) - php4 4:4.3.10-3 CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...) @@ -1537,7 +1546,8 @@ NOTE: Fixed in upstream 2.6.10 - kernel-source-2.6.8 2.6.8-11 - kernel-source-2.6.9 2.6.9-4 - NOTE: micah checking with kernel team, what about 2.4? + - kernel-source-2.4.27 2.4.27-9 + NOTE: will be fixed in 2.4.27-9 CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...) NOTE: not-for-us (hpux) CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)