Bug#299865: marked as done (CAN-2005-0736: Boundary condition error in sys_epoll_wait)
Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id <200503171202.04172.sfritsch@ph.tum.de>
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Mar 2005 00:32:02 +0000
>From geoffc@strategicdata.com.au Wed Mar 16 16:32:01 2005
Return-path: <geoffc@strategicdata.com.au>
Received: from sdcarl02.strategicdata.com.au (sd01.mel.strategicdata.com.au) [203.214.67.82]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBivh-0003Lw-00; Wed, 16 Mar 2005 16:32:01 -0800
Received: from sd01 (localhost [127.0.0.1])
by mail-int.strategicdata.com.au (Postfix) with ESMTP id 7B058C000D65
for <submit@bugs.debian.org>; Thu, 17 Mar 2005 11:31:58 +1100 (EST)
Received:
from sd01.mel.strategicdata.com.au (localhost [])
by localhost ([127.0.0.1]);
Thu, 17 Mar 2005 00:31:58 +0000
Received: from carthanach.mel.strategicdata.com.au (carthanach.mel.strategicdata.com.au [192.168.1.99])
by sd01.mel.strategicdata.com.au (Postfix) with SMTP id 4EE43C000D65
for <submit@bugs.debian.org>; Thu, 17 Mar 2005 11:31:58 +1100 (EST)
Received: by carthanach.mel.strategicdata.com.au (sSMTP sendmail emulation); Thu, 17 Mar 2005 11:31:58 +1100
From: "Geoff Crompton" <geoffc@strategicdata.com.au>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0736: Boundary condition error in sys_epoll_wait
X-Mailer: reportbug 3.8
Date: Thu, 17 Mar 2005 11:31:58 +1100
Message-Id: <[🔎] 20050317003158.4EE43C000D65@sd01.mel.strategicdata.com.au>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Justification: root security hole
There is a local integer overflow vulnerability in the sys_epoll_wait()
call. See following for detail:
http://www.securityfocus.com/bid/12763/
Apologies if already reported.
---------------------------------------
Received: (at 299865-done) by bugs.debian.org; 17 Mar 2005 11:02:41 +0000
>From sfritsch@ph.tum.de Thu Mar 17 03:02:41 2005
Return-path: <sfritsch@ph.tum.de>
Received: from neo.t30.physik.tu-muenchen.de [129.187.137.8]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBslz-00012r-00; Thu, 17 Mar 2005 03:02:39 -0800
Received: from neo.t30.physik.tu-muenchen.de ([129.187.137.8] helo=localhost)
by neo.t30.physik.tu-muenchen.de with esmtp (Exim 3.35 #1 (Debian))
id 1DBslR-0004Ww-00; Thu, 17 Mar 2005 12:02:05 +0100
From: Stefan Fritsch <sfritsch@ph.tum.de>
To: Andres Salomon <dilinger@voxel.net>
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100
User-Agent: KMail/1.7.2
Cc: 299865-done@bugs.debian.org,
296900-done@bugs.debian.org,
296901-done@bugs.debian.org,
296897-done@bugs.debian.org,
296899-done@bugs.debian.org
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200503171202.04172.sfritsch@ph.tum.de>
Delivered-To: 299865-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.5 required=4.0 tests=BAYES_00,SUSPICIOUS_RECIPS
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 5
Hi!
Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe
you can add the CAN-numbers to the changelog?
Cheers,
Stefan
==============================
* 2.6.11.2 [SECURITY] epoll: return proper error on overflow
condition
(Maximilian Attems)
#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait
* [SECURITY] 115-proc_file_read_nbytes_signedness_fix.dpatch
Heap overflow fix in /proc; WDYBTGT3-1 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN# assigned yet, afaik (Andres Salomon).
#296900: CAN-2005-0529: Buffer overflow in proc_file_read
* [SECURITY] 116-n_tty_copy_from_read_buf_signedness_fixes.dpatch
copy_from_read_buf() fix; WDYBTGT3-2 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN#, yet (Andres Salomon).
#296901: CAN-2005-0530: information disclosure because of signedness
error in copy_from_read_buf
* [SECURITY] 117-reiserfs_file_64bit_size_t_fixes.dpatch
reiserfs integer fixes; WDYBTGT3-4 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(Andres Salomon).
#296897: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user...
on 64bit arches
* [SECURITY] 123-atm_get_addr_signedness_fix.dpatch
Fix atm_get_addr()'s usage of its size arg, by making it
unsigned. WDYBTGT3-3 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(Andres Salomon).
#296899: CAN-2005-0531: Buffer overflow in atm_get_addr
Reply to: