
Re: drafting a DSA for 2.6.8



Hey,

Horms wrote:
> On Fri, Oct 07, 2005 at 12:21:38AM -0600, dann frazier wrote:
> 
>>In order to hopefully help kickstart the security update process, I've
>>drafted some DSA text for our sarge/2.6.8 kernels (attached).  Thanks to
>>Micah, we have CAN IDs assigned for a number of things we just had
>>marked as security.  I tried to map all of the patches to CANs, but

I have approximately 11 more of these pending; I just need help drafting
the text and finding reference URIs. Ping me on IRC if you are available
to help.

>>these are the ones remaining.  Does anyone know if there is a CAN ID for
>>any of the following?
>>
>>arch-ia64-ptrace-getregs-putregs.dpatch
Need description and URI for CVE

>>arch-x86_64-kernel-smp-boot-race.dpatch
Horms and I discussed this and decided it was *not* a reasonable
security problem, as it requires you to be at the machine rebooting it,
which means you've got root already.

>>fs-exec-posix-timers-leak-1.dpatch
>>fs-exec-posix-timers-leak-2.dpatch
Need description and URI to submit for CVE

>>net-bridge-forwarding-poison-1.dpatch
>>net-bridge-forwarding-poison-2.dpatch
Need description and URIs to submit for CVE (note: I've only got
poison-2 listed)

>>net-bridge-mangle-oops-1.dpatch
>>net-bridge-mangle-oops-2.dpatch
According to the 2.6.8-16sarge1 changelog:
  Excluded from security-only release
  * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
    Fix oops when mangling and brouting and tcpdumping packets
    Needed for net-bridge-forwarding-poison-1.dpatch

This meant to me that this is not a security patch, and I was not
tracking it; has this changed?

>>net-bridge-netfilter-etables-smp-race.dpatch
> 
> 
> CAN-2005-3110 ?
Yes, CAN-2005-3110 fixed in 2.6.8-16sarge1

>>net-ipv4-ipvs-conn_tab-race.dpatch
Need description and URIs to submit for CVE

>>net-netlink-autobind-return.dpatch
This one is not in any changelog or in any of my notes, however it is in
svn:
./releases/kernel/source/kernel-source-2.6.8-2.6.8/2.6.8-16sarge1/debian/patches/net-netlink-autobind-return.dpatch
./dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-netlink-autobind-return.dpatch
./dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-netlink-autobind-return.dpatch

I do see in 2.6.8-16sarge1 the following patch that is similar, but I
don't think it's the same:
  * asm-i386-mem-clobber.dpatch:
    Make sure netlink_autobind() propagates the error return from
    netlink_insert().  Otherwise, callers will not see the error as they
    should and thus try to operate on a socket with a zero pid, which is
    very bad.

I wanted to get a CVE for this, but wasn't certain whether it was a security
problem.

>>net-rose-ndigis-verify.dpatch
Need description and URIs to submit for CVE

>>netfilter-NAT-memory-corruption.dpatch
Need description and URIs to submit for CVE

>>netfilter-ip_conntrack_untracked-refcount.dpatch
Need description and URIs to submit for CVE

>>ppc32-time_offset-misuse.dpatch
Need description and URIs to submit for CVE

>>sound-usb-usbaudio-unplug-oops.dpatch
Need description and URIs to submit for CVE

>>sys_get_thread_area-leak.dpatch
Need description and URIs to submit for CVE

Others that we need CVEs for:
dannf: CONFIG_PREEMPT on ia64

* fs_ext2_ext3_xattr-sharing.dpatch
    [Security] Xattr sharing bug
    See http://lists.debian.org/debian-kernel/2005/08/msg00238.html

That's it...
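The changelog entry quoted above describes a classic error-propagation defect: an autobind routine swallows the failure from its insert helper, so the caller proceeds with a socket whose pid is still zero. The following is an added, constructed C model of that bug class (buggy and fixed variants side by side); it is not the kernel's netlink code, and the names toy_sock, toy_insert, toy_autobind_buggy, toy_autobind_fixed and caller_operates_on_unbound are all hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical socket model: pid 0 means "not yet bound". */
struct toy_sock {
    unsigned int pid;
};

/* Constructed fixed-capacity table standing in for the real hash table.
 * Insert fails with -EADDRINUSE when the pid is already taken and with
 * -ENOMEM when the table is full, the kinds of failure an insert helper
 * can legitimately report. */
#define TABLE_SIZE 8
static unsigned int table[TABLE_SIZE];

static void reset_table(void)
{
    memset(table, 0, sizeof table);
}

static int toy_insert(struct toy_sock *sk, unsigned int pid)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i] == pid)
            return -EADDRINUSE;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i] == 0) {
            table[i] = pid;
            sk->pid = pid;
            return 0;
        }
    return -ENOMEM;
}

/* Occupy a pid with an unrelated socket so a later bind to it collides. */
static int toy_occupy(unsigned int pid)
{
    struct toy_sock other = { .pid = 0 };
    return toy_insert(&other, pid);
}

/* Buggy variant: the insert result is dropped and success is reported,
 * so the caller never learns that sk->pid is still 0. */
static int toy_autobind_buggy(struct toy_sock *sk, unsigned int want)
{
    toy_insert(sk, want);
    return 0;
}

/* Fixed variant: propagate whatever the insert helper returned. */
static int toy_autobind_fixed(struct toy_sock *sk, unsigned int want)
{
    return toy_insert(sk, want);
}

/* A caller that checks the return value, as callers are expected to.
 * Returns 1 if it would go on to operate on an unbound (pid 0) socket,
 * which is the failure mode the changelog warns about; 0 otherwise. */
static int caller_operates_on_unbound(int (*autobind)(struct toy_sock *, unsigned int),
                                      unsigned int want)
{
    struct toy_sock sk = { .pid = 0 };
    int err = autobind(&sk, want);
    if (err < 0)
        return 0;           /* error seen, caller bails out correctly */
    return sk.pid == 0;     /* "success" with pid 0 is the dangerous case */
}

int main(void)
{
    reset_table();
    toy_occupy(42);
    printf("buggy autobind, pid 42 taken: operates on unbound = %d\n",
           caller_operates_on_unbound(toy_autobind_buggy, 42));
    reset_table();
    toy_occupy(42);
    printf("fixed autobind, pid 42 taken: operates on unbound = %d\n",
           caller_operates_on_unbound(toy_autobind_fixed, 42));
    return 0;
}
```

The point of the model is that the caller's own check is correct in both cases; only when the intermediate function forwards the error does that check have anything to act on.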


