
Re: 2.4 kernels



On Wed, Jul 07, 2004 at 03:29:48AM -0700, William Lee Irwin III wrote:
> On Wed, Jul 07, 2004 at 11:44:06AM +0900, Horms wrote:
> > What needs to be done?
> 
> Basically, update cvs to the current 2.4 in order to get security fixes
> from newer mainline 2.4, and send out packages.
> 

Just a comment: there's not a single CVE# reference in the changelog for the
whole year 2004. That's a bad habit, because it causes a nightmare when
security patches need to be verified. What follows are issues to be
checked for 2.4.26 and 2.6.7, AFAIK.


* CAN-2004-0133: The XFS file system in 2.4 series kernels has an
   information leak by which data in the memory can be written to the
   device hosting the file system, allowing users to obtain portions of
   kernel memory by reading the raw block device.

* CAN-2004-0181: The JFS file system in 2.4 series kernels has an
   information leak by which data in the memory can be written to the
   device hosting the file system, allowing users to obtain portions of
   kernel memory by reading the raw device.

* CAN-2004-0228: Due to an integer signedness error in the CPUFreq
   /proc handler code in 2.6 series Linux kernels, local users can
   escalate their privileges.

* CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers
   does not use the fb_copy_cmap method of copying structures. The
   impact of this issue is unknown, however.

* CAN-2004-0394: A buffer overflow in the panic() function of 2.4
   series Linux kernels exists, but it may not be exploitable under
   normal circumstances due to its functionality.

* CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series
   Linux kernels does not properly decrement the mm_count counter when
   an error occurs, triggering a memory leak that allows local users to
   cause a Denial of Service by exhausting other applications of memory,
   causing the kernel to panic or to kill services.

* CAN-2004-0495: Multiple vulnerabilities found by the Sparse source
   checker in the kernel allow local users to escalate their privileges
   or gain access to kernel memory.

* CAN-2004-0535: The e1000 NIC driver does not properly initialize
   memory structures before using them, allowing users to read kernel
   memory.

* CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an
   AMD64 architecture allow local users to cause a Denial of Service by
   a total system hang, due to an infinite loop that triggers a signal
   handler with a certain sequence of fsave and frstor instructions.

-- 
Francesco P. Lovergine
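
[Added example, not part of the original message or of any Debian tooling: one way to do the verification the message asks for, by parsing a Debian-format changelog and reporting which of the listed CAN ids are cited and which entries from 2004 cite none. The sample changelog, the package name "examplekernel" and the function names are constructed for illustration.]

```python
import re

# CAN ids listed in the message above (to be checked for 2.4.26 and 2.6.7).
TO_CHECK = ["CAN-2004-%04d" % n for n in (133, 181, 228, 229, 394, 427, 495, 535, 554)]
# Debian changelog entry header: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]* \((?P<ver>[^)]+)\) ")
# Entry trailer: " -- Name <mail>  Day, DD Mon YYYY HH:MM:SS +ZZZZ"
TRAILER = re.compile(r"^ -- .*>  \w{3}, +\d{1,2} \w{3} (?P<year>\d{4}) ")
# CAN- (candidate) and CVE- prefixes name the same entry; compare by number only.
CVE_ID = re.compile(r"\b(?:CAN|CVE)-(\d{4}-\d{4,})\b", re.IGNORECASE)

def parse_changelog(text):
    """Return [(version, year, {cve numbers})] for each changelog entry."""
    entries, version, ids = [], None, set()
    for line in text.splitlines():
        header, trailer = HEADER.match(line), TRAILER.match(line)
        if header:
            version, ids = header.group("ver"), set()
        elif trailer and version is not None:
            entries.append((version, int(trailer.group("year")), ids))
            version = None
        elif version is not None:
            ids.update(CVE_ID.findall(line))
    return entries

def audit(text, wanted, year):
    """Return ({id: [versions citing it]}, [versions from `year` citing no id])."""
    entries = parse_changelog(text)
    fixed_in = {w: [v for v, _, ids in entries if w[4:] in ids] for w in wanted}
    unreferenced = [v for v, y, ids in entries if y == year and not ids]
    return fixed_in, unreferenced

# Constructed sample changelog (NOT the real Debian kernel changelog).
SAMPLE = """\
examplekernel (2.4.26-3) unstable; urgency=high

  * Fix do_fork() mm_count leak (CAN-2004-0427).
  * e1000: initialise memory before use.

 -- Example Maintainer <maint@example.org>  Thu, 08 Jul 2004 10:00:00 +0000

examplekernel (2.4.26-2) unstable; urgency=low

  * Update to current 2.4 tree.

 -- Example Maintainer <maint@example.org>  Mon, 03 May 2004 09:00:00 +0000
"""
if __name__ == "__main__":
    print(audit(SAMPLE, TO_CHECK, 2004))
```

An id with an empty version list only means the changelog never cites it; whether the fix is actually in the tree still has to be checked against the source, as with the e1000 line in the sample.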


