Author: micah Date: 2005-10-24 17:09:18 +0000 (Mon, 24 Oct 2005) New Revision: 2558 Modified: data/CVE/list Log: Updated kernel CVEs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-24 15:34:14 UTC (rev 2557) +++ data/CVE/list 2005-10-24 17:09:18 UTC (rev 2558) @@ -59,16 +59,24 @@ NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) - linux-2.6 2.6.12-2 + - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...) - linux-2.6 2.6.13-1 + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 2.4.27-10sarge1 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) - linux-2.6 2.6.13-1 + - kernel-source-2.6.8 2.6.8-16sarge1 + - kernel-source-2.4.27 2.4.27-10sarge1 CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...) - linux-2.6 2.6.12-1 + - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...) - linux-2.6 2.6.12-1 + - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...) - linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced) + - kernel-source-2.6.8 2.6.8-16sarge1 CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...) NOT-FOR-US: Symantec Antivirus CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin interface for Sun ...) @@ -1506,8 +1514,9 @@ {DSA-793-1} - courier 0.47-8 (medium; bug #325631) CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...) - - kernel-source-2.4.27 2.4.27-11 (medium) - TODO: check what version of linux-2.6 fixed this. (See bug #328395) + - kernel-source-2.6.8 2.6.8-16sarge1 (medium) + - kernel-source-2.4.27 2.4.27-10sarge1 + NOTE: this was fixed upstream in 2.6.11 (See bug #328395) NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...) - kernel-source-2.4.27 <unfixed> (bug #332228; low) @@ -2242,7 +2251,7 @@ CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) NOT-FOR-US: Network Associated ePolicy Orchestrator Agent CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) - - kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium) + - kernel-source-2.4.27 2.4.27-10sarge1 (bug #323363; medium) - kernel-source-2.4.27 2.4.27-12 (medium) CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...) NOT-FOR-US: Integrated Light Out in HP servers