Secure testing commits - Jul 2005 - r1488 - data/CAN

Author: micah
Date: 2005-07-29 17:55:27 +0000 (Fri, 29 Jul 2005)
New Revision: 1488

Modified:
   data/CAN/list
Log:
Updated some kernel information


Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-07-29 17:00:49 UTC (rev 1487)
+++ data/CAN/list	2005-07-29 17:55:27 UTC (rev 1488)
@@ -2420,11 +2420,13 @@
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- linux-2.6 2.6.12-1 (medium)
 	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
+	NOTE: 2.6 only, not in 2.4
 CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
+	NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
 	NOTE: reserved
-	- kernel-source-2.6.8 (unfixed; unknown)
 CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
-	- kernel-source-2.6.8 (unfixed; unknown)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
 	- linux-2.6 2.6.12-1 (medium)
 	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
@@ -2432,12 +2434,11 @@
 	- kernel-source-2.6.8 2.6.8-16sarge1
 	- kernel-source-2.4.27 2.4.27-11
 CAN-2005-1761 [Kernel changelog for 2.6.12.1: ia64 ptrace + sigrestore_context]
-	NOTE: reserved
 	- linux-2.6 2.6.12-1 (medium)
 	- kernel-source-2.6.11 2.6.11-6 (normal)
 	- kernel-source-2.6.8 2.6.8-17
 	- kernel-source-2.6.8 2.6.8-16sarge1
-	- kernel-source-2.4.27 2.4.27-11
+	- kernel-source-2.4.27 (unfixed; low)
 CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date
file in ...)
 	NOTE: not-for-us (sysreport)
 CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to
...)
@@ -5871,9 +5872,11 @@
 CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
 	- kernel-source-2.4.27 2.4.27-11
 	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
 CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
 	- kernel-source.2.4.27 2.4.27-11 (medium)
 	- kernel-source-2.6.8 2.6.8-17 (medium)
+	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
 	- kernel-source-2.6.11 2.6.11-7 (medium)
 CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
 	- helix-player 1.0.4-1