Author: jmm-guest
Date: 2005-05-03 22:13:18 +0000 (Tue, 03 May 2005)
New Revision: 973

Modified: sarge-checks/CAN/list

Log: bugnums for kernel DoS issues. I don't think the Postgres salt issue is a real problem, if anyone disagrees please file a bug.

Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-05-03 21:44:38 UTC (rev 972) +++ sarge-checks/CAN/list 2005-05-03 22:13:18 UTC (rev 973) @@ -58,9 +58,9 @@ CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...) NOTE: not-for-us (HO OpenView) CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...) - - kernel-source-2.6.8 (unfixed; bug filed) + - kernel-source-2.6.8 (unfixed; bug #307552) CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...) - - kernel-source-2.6.8 (unfixed; bug filed) + - kernel-source-2.6.8 (unfixed; bug #307553) CAN-2005-1367 NOTE: reserved CAN-2005-1366 @@ -401,7 +401,9 @@ CAN-2005-1205 NOTE: reserved CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...) - TODO: check + NOTE: This is not a real world problem; it''s only applicable in rare circurstances + NOTE: like someone analysing stolen user database information and even then the gain + NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway. CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications] - libpam-ssh 1.91.0-9 CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
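
Review bot: in the first hunk (@@ -58,9 +58,9 @@), the unchanged context line "NOTE: not-for-us (HO OpenView)" under CAN-2005-1370 reads "HO" where the description directly above it says "HP OpenView"; since this commit already edits the neighbouring entries, correct the vendor name in the same pass. The two substitutions for CAN-2005-1369 and CAN-2005-1368 use the same "unfixed; bug #NNNNNN" form, so nothing else needs changing there.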
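
Review bot: in the second hunk (@@ -401,7 +401,9 @@), CAN-2002-1657 ends up with free-text NOTE lines only and no package line, unlike the kernel entries in the first hunk ("- kernel-source-2.6.8 (unfixed; ...)") and the libpam-ssh entry just below it; add a line naming the affected PostgreSQL package and its status so the "not a real world problem" decision is recorded against a package and not only in prose. The added NOTE text also misspells "circumstances" as "circurstances" and has a doubled apostrophe in "it''s". The closing sentence, "In that case SHA256 hashes would be more appropriate anyway", does not say what SHA256 would replace, so state which hash the note is comparing against.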