Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id <[EMAIL PROTECTED]>
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Feb 2005 14:06:01 +0000
>From [EMAIL PROTECTED] Fri Feb 25 06:06:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail-out.m-online.net [212.18.0.9]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D4g6T-0001cw-00; Fri, 25 Feb 2005 06:06:01 -0800
Received: from mail.m-online.net (svr20.m-online.net [192.168.3.148])
by mail-out.m-online.net (Postfix) with ESMTP id B6F315A0D
for <[EMAIL PROTECTED]>; Fri, 25 Feb 2005 15:05:59 +0100 (CET)
Received: from k.local (ppp-82-135-14-157.mnet-online.de [82.135.14.157])
by mail.m-online.net (Postfix) with ESMTP id A277456E6A
for <[EMAIL PROTECTED]>; Fri, 25 Feb 2005 15:05:59 +0100 (CET)
Received: from stf by k.local with local (Exim 4.44)
id 1D4g6Q-0005ZB-JR
for [EMAIL PROTECTED]; Fri, 25 Feb 2005 15:05:58 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit
arches
X-Mailer: reportbug 3.8
Date: Fri, 25 Feb 2005 15:05:58 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole
Cite:
"The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
Linux kernel
2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may
allow local
users to trigger a buffer overflow as a result of casting discrepancies between
size_t and
int data types."
The offending code is also in 2.6.8. A fix is at
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]
The original advisory is at
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2
Please fix 2.6.9 and 2.6.10 as well. I have also looked at 2.4.27 but couldn't
find any
similar code.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Versions of packages kernel-source-2.6.8 depends on:
ii binutils 2.15-5 The GNU assembler, linker and bina
ii bzip2 1.0.2-5 high-quality block-sorting file co
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
-- no debconf information
---------------------------------------
Received: (at 296897-done) by bugs.debian.org; 17 Mar 2005 11:02:40 +0000
>From [EMAIL PROTECTED] Thu Mar 17 03:02:40 2005
Return-path: <[EMAIL PROTECTED]>
Received: from neo.t30.physik.tu-muenchen.de [129.187.137.8]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBslz-00012r-00; Thu, 17 Mar 2005 03:02:39 -0800
Received: from neo.t30.physik.tu-muenchen.de ([129.187.137.8] helo=localhost)
by neo.t30.physik.tu-muenchen.de with esmtp (Exim 3.35 #1 (Debian))
id 1DBslR-0004Ww-00; Thu, 17 Mar 2005 12:02:05 +0100
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Andres Salomon <[EMAIL PROTECTED]>
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100
User-Agent: KMail/1.7.2
Cc: [EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.5 required=4.0 tests=BAYES_00,SUSPICIOUS_RECIPS
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Hi!
Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe
you can add the CAN-numbers to the changelog?
Cheers,
Stefan
==============================
* 2.6.11.2 [SECURITY] epoll: return proper error on overflow
condition
(Maximilian Attems)
#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait
* [SECURITY] 115-proc_file_read_nbytes_signedness_fix.dpatch
Heap overflow fix in /proc; WDYBTGT3-1 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN# assigned yet, afaik (Andres Salomon).
#296900: CAN-2005-0529: Buffer overflow in proc_file_read
* [SECURITY] 116-n_tty_copy_from_read_buf_signedness_fixes.dpatch
copy_from_read_buf() fix; WDYBTGT3-2 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN#, yet (Andres Salomon).
#296901: CAN-2005-0530: information disclosure because of signedness
error in copy_from_read_buf
* [SECURITY] 117-reiserfs_file_64bit_size_t_fixes.dpatch
reiserfs integer fixes; WDYBTGT3-4 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(Andres Salomon).
#296897: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user...
on 64bit arches
* [SECURITY] 123-atm_get_addr_signedness_fix.dpatch
Fix atm_get_addr()'s usage of its size arg, by making it
unsigned. WDYBTGT3-3 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
(Andres Salomon).
#296899: CAN-2005-0531: Buffer overflow in atm_get_addr
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
