Bug#302705: marked as done (CAN-2005-0749: Potential DOS in elf_load_library())

[Debian Bug Tracking System]

Your message dated Thu, 19 May 2005 06:47:46 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#302705: fixed in kernel-source-2.4.27 2.4.27-10
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Apr 2005 13:03:57 +0000
>From [EMAIL PROTECTED] Sat Apr 02 05:03:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from gluck.debian.org [192.25.206.10] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DHiI9-0007aH-00; Sat, 02 Apr 2005 05:03:57 -0800
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
        by gluck.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DHiI7-0007Rs-00; Sat, 02 Apr 2005 06:03:55 -0700
Received: from wlan-client-010.informatik.uni-bremen.de ([134.102.116.11] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1DHiI1-0003bh-NG
        for [EMAIL PROTECTED]; Sat, 02 Apr 2005 15:03:49 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
        id 1DHiI5-0004Ge-QT; Sat, 02 Apr 2005 15:03:53 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-0749: Potential DOS in elf_load_library()
X-Mailer: reportbug 3.9
Date: Sat, 02 Apr 2005 15:03:53 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 134.102.116.11
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-source-2.4.27
Severity: important
Tags: security

Yichen Xie found out that load_elf_library can modify `elf_phdata' before
freeing it, resulting in a local Denial-of-Service vulnerability.

A fix is available at:
http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]

Cheers,
        Moritz 

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 302705-close) by bugs.debian.org; 19 May 2005 10:50:36 +0000
>From [EMAIL PROTECTED] Thu May 19 03:50:36 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DYibr-0006wO-00; Thu, 19 May 2005 03:50:35 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DYiZ8-0006ph-00; Thu, 19 May 2005 06:47:46 -0400
From: Simon Horman <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#302705: fixed in kernel-source-2.4.27 2.4.27-10
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 19 May 2005 06:47:46 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: kernel-source-2.4.27
Source-Version: 2.4.27-10

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10_all.deb
kernel-patch-debian-2.4.27_2.4.27-10_all.deb
  to 
pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10_all.deb
kernel-source-2.4.27_2.4.27-10.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10.diff.gz
kernel-source-2.4.27_2.4.27-10.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10.dsc
kernel-source-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10_all.deb
kernel-tree-2.4.27_2.4.27-10_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <[EMAIL PROTECTED]> (supplier of updated kernel-source-2.4.27 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 16 May 2005 14:48:47 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 
kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <[EMAIL PROTECTED]>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian 
patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 302704 302705 302864 305655 308757
Changes: 
 kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
 .
   * 155_net-bluetooth-signdness-fix.diff:
     [Security] Fix signedness problem at socket creation in bluetooth
     which can lead to local root exploit. See CAN-2005-0750
     (Simon Horman) (closes: Bug#302704)
 .
   * 156_fs-ext2-info-leak.diff:
     [Security] Fix information leak in ext2 which leads to
     a local information leak. See CAN-2005-0400
     (Simon Horman)
 .
   * 157_fs-isofs-range-check-1.diff, 157_fs-isofs-range-check-2.diff,
     157_fs-isofs-range-check-3.diff:
     [Security] Fix range checking in isofs which leads to a local crash
     and arbitary code execution.  See CAN-2005-0815
     (Simon Horman) (closes: #302864)
 .
   * 158_fs-binfmt_elf-dos.diff:
     Potential DOS in load_elf_library. See CAN-2005-0749
     (Simon Horman) (closes: #302705)
 .
   * 159_fs-cramfs-stat.diff
     Fix to stat output for cramfs
     (Simon Horman)
 .
   * 160_drivers-net-sis900-oops.diff
      sis900 kernel oops fix
     (Simon Horman)
 .
   * 161_drivers-net-amd8111e-irq.diff
     AMD8111e driver was releasing an irq in some error situations
     (Simon Horman)
 .
   * 162_drivers-net-via-rhine-irq.diff
     VIA Rhine driver was releasing an irq in some error situations
     (Simon Horman)
 .
   * 165_VM_IO.diff added, 140_VM_IO.diff removed:
     [CAN-2004-1057] Updated fix for DoS from accessing freed kernel pages.
     The previous fix seems to have cuased some problems and this
     is the one that is upstream.
     (Simon Horman, Dann Frazier)
 .
   * 164_net-ipv4-icmp-quench.diff:
      [CAN-2004-0790] Just silently ignore ICMP Source Quench messages.
      (Simon Horman)  (closes: #305655)
 .
   * 165_arch-ia64-kernel-missing-sysctl.diff:
      [CAN-2005-0137] Add missing sysctl slot for ia64 resolving
      local DoS. (Simon Horman)
 .
   * fs-binfmt_elf-dump-privelage.diff:
     Linux kernel ELF core dump privilege elevation
     See CAN-2005-1263. (closes: #308757). (Simon Horman)
Files: 
 59d9aeb90e71e4b6369a6b4986da690b 888 devel optional 
kernel-source-2.4.27_2.4.27-10.dsc
 0ccc5c9df0130e5da099cd1a7c8a7f64 688010 devel optional 
kernel-source-2.4.27_2.4.27-10.diff.gz
 157b883cbfb91812912c16728eb61fa0 633228 devel optional 
kernel-patch-debian-2.4.27_2.4.27-10_all.deb
 9478d7f77b06c30454ef7864d9487fd4 3576196 doc optional 
kernel-doc-2.4.27_2.4.27-10_all.deb
 3ae3d29a6b8a3de23a860627f3b440c3 31022934 devel optional 
kernel-source-2.4.27_2.4.27-10_all.deb
 15394d1f0d96b07955178f05296929e0 23348 devel optional 
kernel-tree-2.4.27_2.4.27-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCjGuZdu+M6Iexz7URAnSkAJ9SWaRWL1fYfJzpqtV+TXQ3LhkidgCgynIE
FHrCSlUvvU/NhZxzmELwM+0=
=kbKC
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]