Re: drafting a DSA for 2.6.8
Hey,
Horms wrote:
> On Fri, Oct 07, 2005 at 12:21:38AM -0600, dann frazier wrote:
>
>>In order to hopefully help kickstart the security update process, I've
>>drafted some DSA text for our sarge/2.6.8 kernels (attached). Thanks to
>>Micah, we have CAN IDs assigned for a number of things we just had
>>marked as security. I tried to map all of the patches to CANs, but
I have approximately 11 more of these pending, I just need help drafting
the text and finding reference URIs, ping me on IRC if you are available
to help.
>>these are the ones remaining. Does anyone know if there is a CAN ID for
>>any of the following?
>>
>>arch-ia64-ptrace-getregs-putregs.dpatch
Need description and URI for CVE
>>arch-x86_64-kernel-smp-boot-race.dpatch
Horms and I discussed this and decided it was *not* a reasonable
security problem as it requires you to be at the machine rebooting it,
which means you've got root already
>>fs-exec-posix-timers-leak-1.dpatch
>>fs-exec-posix-timers-leak-2.dpatch
Need description and URI to submit for CVE
>>net-bridge-forwarding-poison-1.dpatch
>>net-bridge-forwarding-poison-2.dpatch
Need description and URIs to submit for CVE (note: I've only got
poison-2 listed)
>>net-bridge-mangle-oops-1.dpatch
>>net-bridge-mangle-oops-2.dpatch
According to the 2.6.8-16sarge1 changelog:
Excluded from security-only release
* net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
Fix oops when mangling and brouting and tcpdumping packets
Needed for net-bridge-forwarding-poison-1.dpatch
This meant to me that this is not a security patch, and I was not
tracking it. Has this changed?
>>net-bridge-netfilter-etables-smp-race.dpatch
>
>
> CAN-2005-3110 ?
Yes, CAN-2005-3110 fixed in 2.6.8-16sarge1
>>net-ipv4-ipvs-conn_tab-race.dpatch
Need description and URIs to submit for CVE
>>net-netlink-autobind-return.dpatch
This one is not in any changelog or in any of my notes; however, it is in
svn:
./releases/kernel/source/kernel-source-2.6.8-2.6.8/2.6.8-16sarge1/debian/patches/net-netlink-autobind-return.dpatch
./dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-netlink-autobind-return.dpatch
./dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-netlink-autobind-return.dpatch
I do see in 2.6.8-16sarge1 the following patch that is similar, but I
don't think it's the same:
* asm-i386-mem-clobber.dpatch:
Make sure netlink_autobind() propagates the error return from
netlink_insert(). Otherwise, callers will not see the error as they
should and thus try to operate on a socket with a zero pid, which is
very bad.
I wanted to get a CVE for this, but wasn't certain whether it was a security
problem.
>>net-rose-ndigis-verify.dpatch
Need description and URIs to submit for CVE
>>netfilter-NAT-memory-corruption.dpatch
Need description and URIs to submit for CVE
>>netfilter-ip_conntrack_untracked-refcount.dpatch
Need description and URIs to submit for CVE
>>ppc32-time_offset-misuse.dpatch
Need description and URIs to submit for CVE
>>sound-usb-usbaudio-unplug-oops.dpatch
Need description and URIs to submit for CVE
>>sys_get_thread_area-leak.dpatch
Need description and URIs to submit for CVE
Others that we need CVEs for:
dannf: CONFIG_PREEMPT on ia64
* fs_ext2_ext3_xattr-sharing.dpatch
[Security] Xattr sharing bug
See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
That's it...
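The netlink_autobind() changelog entry quoted above describes a classic error-propagation bug: the bind helper swallows the failure from the insert step, so the caller proceeds with a socket whose pid is still zero. The following is an added, constructed C model of that failure mode and its fix; it is not the kernel's netlink code and not part of the original mail. All names (model_insert, model_sock, autobind_buggy, autobind_fixed, the fixed-size table) are hypothetical stand-ins for the real netlink_insert()/netlink_autobind() pair.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a tiny table of bound pids standing in for the
 * kernel's netlink hash table. Not kernel code. */
#define TABLE_SIZE 8

struct sock_entry { unsigned int pid; int in_use; };
static struct sock_entry table[TABLE_SIZE];

static void reset_table(void) { memset(table, 0, sizeof table); }

/* Stand-in for netlink_insert(): -EADDRINUSE if pid is already bound,
 * -ENOMEM if the table is full, 0 on success. */
static int model_insert(unsigned int pid)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i].in_use && table[i].pid == pid)
            return -EADDRINUSE;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (!table[i].in_use) {
            table[i].in_use = 1;
            table[i].pid = pid;
            return 0;
        }
    return -ENOMEM;
}

struct model_sock { unsigned int pid; };   /* pid 0 means "not bound" */

/* Buggy shape: the insert error is dropped and 0 is returned anyway,
 * so the caller believes the bind succeeded while sk->pid is still 0. */
static int autobind_buggy(struct model_sock *sk, unsigned int want)
{
    int err = model_insert(want);
    if (err == 0)
        sk->pid = want;
    return 0;               /* the bug: error is not propagated */
}

/* Fixed shape (what the changelog entry describes): propagate the
 * insert error so the caller sees the failure and does not continue
 * operating on a socket with pid 0. */
static int autobind_fixed(struct model_sock *sk, unsigned int want)
{
    int err = model_insert(want);
    if (err)
        return err;
    sk->pid = want;
    return 0;
}

/* Simulated caller: two sockets try to bind the same pid. Returns 1 if
 * the second caller was told "success" while its pid stayed 0, i.e. the
 * situation the changelog calls "very bad"; 0 otherwise. */
static int caller_misled(int (*bind)(struct model_sock *, unsigned int))
{
    struct model_sock a = {0}, b = {0};
    reset_table();
    bind(&a, 4242);
    int err = bind(&b, 4242);           /* collides with a */
    return (err == 0 && b.pid == 0) ? 1 : 0;
}

int main(void)
{
    printf("buggy autobind misleads caller: %d\n", caller_misled(autobind_buggy));
    printf("fixed autobind misleads caller: %d\n", caller_misled(autobind_fixed));
    return 0;
}
```

The check a reviewer wants on a patch like this is the one caller_misled() makes explicit: after the call, a return value of 0 must imply a non-zero pid, and any non-zero return must be visible to the caller rather than silently replaced by 0.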