Horms wrote: > > I found three more security related reports/patches on linux-kernel. > > As mentioned elsewhere, the first (request_key_auth memleek) is CAN-2005-3119. > Can we get CAN numbers for the other two?
Here they are: > > From: Dave Jones <[EMAIL PROTECTED]> > > > > Please consider for next 2.6.13, it is a minor security issue allowing > > users to turn on drm debugging when they shouldn't... ====================================================== Candidate: CAN-2005-3179 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3179 Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=d7067d7d1f92cba14963a430cfbd53098cbbc8fd Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=107893 drm.c in Linux kernel 2.6.13 and earlier creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. > > From: Pavel Roskin <[EMAIL PROTECTED]> > > > > The orinoco driver can send uninitialized data exposing random pieces of > > the system memory. This happens because data is not padded with zeroes > > when its length needs to be increased. ====================================================== Candidate: CAN-2005-3180 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3180 Reference: CONFIRM:http://www.kernel.org/hg/linux-2.6/?cmd=changeset;node=feecb2ffde28639e60ede769c6f817dc536c677b The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
