Your message dated Sat, 26 Mar 2005 01:47:47 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#296905: fixed in kernel-source-2.4.27 2.4.27-9
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Feb 2005 14:16:59 +0000
>From [EMAIL PROTECTED] Fri Feb 25 06:16:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail-out.m-online.net [212.18.0.9]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D4gH5-0003Oc-00; Fri, 25 Feb 2005 06:16:59 -0800
Received: from mail.m-online.net (svr20.m-online.net [192.168.3.148])
by mail-out.m-online.net (Postfix) with ESMTP id 2E53C5BA2
for <[EMAIL PROTECTED]>; Fri, 25 Feb 2005 15:16:58 +0100 (CET)
Received: from k.local (ppp-82-135-14-157.mnet-online.de [82.135.14.157])
by mail.m-online.net (Postfix) with ESMTP id 1D8B256E77
for <[EMAIL PROTECTED]>; Fri, 25 Feb 2005 15:16:58 +0100 (CET)
Received: from stf by k.local with local (Exim 4.44)
id 1D4gH4-0005ay-8m
for [EMAIL PROTECTED]; Fri, 25 Feb 2005 15:16:58 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-0531: Buffer overflow in atm_get_addr
X-Mailer: reportbug 3.8
Date: Fri, 25 Feb 2005 15:16:58 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole
Cite:
"The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
2.6.11-rc4
may allow local users to trigger a buffer overflow via negative arguments."
The offending code is also in 2.6.8 and 2.4.27.
Fix:
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]
Advisory:
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
Please fix also 2.6.9 and 2.6.10
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
---------------------------------------
Received: (at 296905-close) by bugs.debian.org; 26 Mar 2005 06:54:03 +0000
>From [EMAIL PROTECTED] Fri Mar 25 22:54:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DF5BK-0002cz-00; Fri, 25 Mar 2005 22:54:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DF55H-0002FW-00; Sat, 26 Mar 2005 01:47:47 -0500
From: Simon Horman <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#296905: fixed in kernel-source-2.4.27 2.4.27-9
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 26 Mar 2005 01:47:47 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 3
Source: kernel-source-2.4.27
Source-Version: 2.4.27-9
We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:
kernel-doc-2.4.27_2.4.27-9_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-9_all.deb
kernel-patch-debian-2.4.27_2.4.27-9_all.deb
to
pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-9_all.deb
kernel-source-2.4.27_2.4.27-9.diff.gz
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-9.diff.gz
kernel-source-2.4.27_2.4.27-9.dsc
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-9.dsc
kernel-source-2.4.27_2.4.27-9_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-9_all.deb
kernel-tree-2.4.27_2.4.27-9_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-9_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Horman <[EMAIL PROTECTED]> (supplier of updated kernel-source-2.4.27
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 25 Mar 2005 10:42:50 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27
kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-9
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <[EMAIL PROTECTED]>
Description:
kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian
patches
kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 291536 296639 296700 296905
Changes:
kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
.
* There was a stray file in 2.4.27-8. Don't include it this time.
(Simon Horman) (closes: Bug#291536)
.
* Updated kernel-tree description from Martin F Krafft
(Simon Horman)
.
* Updated apply script so it can handle point versions
(Simon Horman)
.
* 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
exploit in fragmented packet forwarding (Joshua Kwan)
.
* 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
data. (Joshua Kwan)
.
* 136_vc_resizing_overflow.diff: [CAN-2004-1333] make sure VC resizing
fits in 16 bits. (Joshua Kwan)
.
* 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
(underflow, really) that opens multiple attack vectors. (Joshua Kwan)
.
* 138_amd64_syscall_vuln.diff: [CAN-2004-1144] fix the "int 0x80 hole"
that allowed overflow of the system call table. (Joshua Kwan)
.
* 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
sparc32 SMP. (Joshua Kwan)
.
* 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
kernel pages by flagging VM_IO where necessary.
.
* 141_acpi_noirq.patch:
[ACPI] Enhanced PCI probe, CONFIG_HPET_TIMER build warning fix
(Simon Horman)
.
* 142_acpi_skip_timer_override-1.diff, 142_acpi_skip_timer_override-2.diff,
142_acpi_skip_timer_override-3.diff, 142_acpi_skip_timer_override-4.diff:
[ACPI] skip_timer_override including early PCI bridge detection.
(closes: #296639) (Simon Horman)
.
* 121_drm-locking-checks-3.diff: LOCK_TEST_WITH_RETURN build cleanup
(Simon Horman)
.
* 143_outs.diff:
[SECURITY]: AMD64, allows local users to write to privileged
IO ports via OUTS instruction (CAN-2005-0204) (Simon Horman)
(closes: #296700)
.
* 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
of the clock chip on SunBlade 1500, it won't boot otherwise.
(Jurij Smakov).
.
* 145_insert_vm_struct-no-BUG.patch:
[SECURITY] make insert_vm_struct return an error rather than BUG().
See CAN-2005-0003. (dann frazier)
.
* 146_ip6_copy_metadata_leak.diff 147_ip_copy_metadata_leak.diff:
[SECURITY] Do not leak dst entries in ip_copy_metadata()
See CAN-2005-0210. (Simon Horman)
.
* 148_ip_evitor_smp_loop.diff:
Fix theoretical loop on SMP in ip_evictor().
(Simon Horman, Andres Salomon)
.
* 149_fragment_queue_flush.diff:
Flush fragment queue on conntrack unload. (Simon Horman, Andres Salomon)
.
* *** ABI Change! Notify D-I team or delay for future release
*** Omitted from release
*** 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff:
*** Keep fragment queues private to each user. See CAN-2005-0449 and
*** http://oss.sgi.com/archives/netdev/2005-01/msg01048.html
*** (Simon Horman, Andres Salomon)
.
* 151_atm_get_addr_signedness_fix.diff:
[SECURITY] Fix ATM copy-to-user usage. See: CAN-2005-0531.
See: http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(closes: #296905) (Simon Horman)
.
* 153_ppp_async_dos.diff:
[SECURITY] remote Linux DoS on ppp servers. See: CAN-2005-0384
(Simon Horman)
.
* 111-smb-client-overflow-fix-2.diff, 111-smb-client-overflow-fix-1.diff:
[SECURITY] The above patches, included in 2.4.27-6 resolve:
local information leak caused by race in SMP systems with
more than 4GB of memory. remote information leak cansed by
handling of TRANS2 packets handling in smbfs. See CAN-2004-1191.
(see: #300163) (Simon Horman)
.
* 154_cmsg_compat_signedness_fix.diff:
Fix CMSG32_OK macros. (Dann Frazier, Simon Horman)
Files:
c1b495a855629746033b7672ca5a9415 886 devel optional
kernel-source-2.4.27_2.4.27-9.dsc
9cc9dbdfe3f53e4c45c331ea303de95d 678025 devel optional
kernel-source-2.4.27_2.4.27-9.diff.gz
d258368f37be562ec6f373c7a7a1f767 614256 devel optional
kernel-patch-debian-2.4.27_2.4.27-9_all.deb
5ab1e1bf82d64c245283466f81731701 3575462 doc optional
kernel-doc-2.4.27_2.4.27-9_all.deb
88a703faebb4e68fef18da39865dd42b 31019488 devel optional
kernel-source-2.4.27_2.4.27-9_all.deb
d282f3ac6f6d5b98a74415bc355b82e6 22754 devel optional
kernel-tree-2.4.27_2.4.27-9_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCQ3fvdu+M6Iexz7URAqDlAJ9wbMFNFWUJi+Wh0RLR1RecI3MmQACgu/XD
R+PXjmy/ZXFfp3lZ61QsURM=
=vIso
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
