Bug#284477: Same with IBM Thinkcentre A50

2005-03-17 Thread Jacobo Tarrio
 The same thing happens with the IBM Thinkcentre A50, MT-M 8089-74G.

 With 2.6.8-2-686 it seizes: the clock starts jumping forward and backwards
(between 16:01 and 17:12, the time I discovered that), the screen blanks out
(since, suddenly, the system has spent 1 hour and 11 minutes idle ;-)), and
even simple commands take ages to execute. Finally, it hangs completely.

 Fun observation: if I launch a program from KDE's panel, the cursor gets
the bouncing icon, but it doesn't bounce; when I press any key it advances a
frame in its bouncing.

 These are the last messages in /var/log/syslog before starting with the
poltergeist thing:

[standard bootup messages]
Mar 16 16:11:06 pitagoras kernel: lp0: using parport0 (interrupt-driven).
Mar 16 16:11:06 pitagoras lpd[3107]: restarted
Mar 16 16:11:08 pitagoras postfix/postfix-script: starting the Postfix mail system
Mar 16 16:11:08 pitagoras postfix/master[3200]: daemon started -- version 2.1.5
Mar 16 16:11:08 pitagoras kernel: NET: Registered protocol family 10
Mar 16 16:11:08 pitagoras kernel: Disabled Privacy Extensions on device c02ff020(lo)
Mar 16 16:11:08 pitagoras kernel: IPv6 over IPv4 tunneling driver
Mar 16 16:11:09 pitagoras xfs: ignoring font path element /usr/lib/X11/fonts/cyrillic/ (unreadable)
Mar 16 16:11:09 pitagoras /usr/sbin/cron[3347]: (CRON) INFO (pidfile fd = 3)
Mar 16 16:11:09 pitagoras /usr/sbin/cron[3348]: (CRON) STARTUP (fork ok)
Mar 16 16:11:09 pitagoras /usr/sbin/cron[3348]: (CRON) INFO (Running @reboot jobs)
Mar 16 16:11:09 pitagoras xfs: ignoring font path element /usr/lib/X11/fonts/CID (unreadable)
Mar 16 16:11:10 pitagoras Xprt_64: No matching visual for __GLcontextMode with visual class = 0 (32775), nplanes = 8
Mar 16 16:11:11 pitagoras kernel: [drm] Initialized i830 1.3.2 20021108 on minor 0: Intel Corp. 82865G Integrated Graphics Device
Mar 16 16:11:11 pitagoras kernel: mtrr: base(0xf002) is not aligned on a size(0x80) boundary
Mar 16 16:11:16 pitagoras kdm_greet[3512]: Can't open default user face
Mar 16 16:11:19 pitagoras kernel: eth0: no IPv6 routers present
Mar 16 16:12:02 pitagoras gconfd (jtarrio-3672): comenzando (versión 2.8.1), pid 3672 usuario jtarrio
Mar 16 16:12:02 pitagoras gconfd (jtarrio-3672): Se resolvio la direccion xml:readonly:/etc/gconf/gconf.xml.mandatory a una fuente de configuracion de solo lectura en la posicion 0
Mar 16 16:12:02 pitagoras gconfd (jtarrio-3672): Se resolvio la direccion xml:readwrite:/home/jtarrio/.gconf a una fuente de configuracion escribible en la posicion 1
Mar 16 16:12:02 pitagoras gconfd (jtarrio-3672): Se resolvio la direccion xml:readonly:/etc/gconf/gconf.xml.defaults a una fuente de configuracion de solo lectura en la posicion 2
Mar 16 16:17:01 pitagoras /USR/SBIN/CRON[3682]: (root) CMD (   run-parts --report /etc/cron.hourly)
Mar 16 16:31:05 pitagoras -- MARK --
Mar 16 16:51:05 pitagoras -- MARK --

 I'd like to call your attention to the messages at 16:11:10 and 16:11:11.
I believe they appear when X is loaded (for kdm). However, another
Thinkcentre we're temporarily using as a firewall, with no X, suffers from
the same ailment (in fact, it is the first one we noticed it on).

 I haven't seen 2.4.27-1-386 exhibit this behaviour yet. The equivalent 686
version is to be tested today (will report).

 A BIOS update is useless since the version on IBM's support pages is the
same one the computers came loaded with.

-- 
   Jacobo Tarrío | http://jacobo.tarrio.org/



Re: Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Marco d'Itri
reassign 299875 kernel
retitle 299875 CAN-2005-0384: Remote Linux DoS on ppp servers
tag 299875 patch security
thanks

Paul Mackerras says that this bug affects all kernels (2.4 and 2.6) and
can be easily triggered remotely, but is only a CPU DoS.

from 2.6.11.4:

diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
--- a/drivers/net/ppp_async.c   2005-03-15 16:09:59 -08:00
+++ b/drivers/net/ppp_async.c   2005-03-15 16:09:59 -08:00
@@ -1000,7 +1000,7 @@
data += 4;
dlen -= 4;
/* data[0] is code, data[1] is length */
-   while (dlen = 2  dlen = data[1]) {
+   while (dlen = 2  dlen = data[1]  data[1] = 2) {
switch (data[0]) {
case LCP_MRU:
val = (data[2]  8) + data[3];
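
Review bot: the extra term added to the `while` condition at line 1003 of ppp_async.c carries no comment saying why the option length in data[1] has to be bounded against 2; the existing comment only says that data[1] is the length, so add a line there stating that an option shorter than its own two-byte code/length header is rejected. The comparison and logical operators are missing from both versions of the condition as shown here (`dlen = 2  dlen = data[1]`), and the shift on the `val =` line is gone as well, so take the hunk from the 2.6.11.4 tree rather than from this copy.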

-- 
ciao,
Marco




Processed: Re: Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> reassign 299875 kernel
Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer
Bug reassigned from package `ppp' to `kernel'.

> retitle 299875 CAN-2005-0384: Remote Linux DoS on ppp servers
Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer
Changed Bug title.

> tag 299875 patch security
Bug#299875: CAN-2005-0384: Remote Linux DoS on ppp servers
There were no tags set.
Tags added: patch, security

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Processed: This bug is release critical IMO

2005-03-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> severity 289690 serious
Bug#289690: (no subject)
Severity set to `serious'.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#289690: This bug is release critical IMO

2005-03-17 Thread Raphael Hertzog
severity 289690 serious
thanks

This bug should really be fixed for sarge... releasing with broken Samba
support isn't an option.

I also encountered the bug on my side (with version 2.6.8-13 of the
kernel).

You must be able to find out the relevant change in the kernel bitkeeper
history, isn't it?

As a starting point, you may contact the guy who posted that mail:
http://lwn.net/Articles/112514/?format=printable

Regards,
 Raphaël.




Bug#296901: marked as done (CAN-2005-0530: information disclosure because of signedness error in copy_from_read_buf)

2005-03-17 Thread Debian Bug Tracking System
Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id [EMAIL PROTECTED]
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Stefan Fritsch [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2005-0530: information disclosure because of signedness error in
 copy_from_read_buf
Date: Fri, 25 Feb 2005 15:40:51 +0100

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: grave
Tags: security
Justification: user security hole

Signedness error in the copy_from_read_buf function in n_tty.c for
Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel
memory via a negative argument.

The offending code is also in 2.6.8 and 2.4.27.

A fix is at
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]

Advisory at
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2

Please also fix 2.6.9 and 2.6.10


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-as2-stf-k-1
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils              2.15-5   The GNU assembler, linker and bina
ii  bzip2                 1.0.2-5  high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2  The GNU core utilities
ii  fileutils             5.2.1-2  The GNU file management utilities

-- no debconf information

---
From: Stefan Fritsch [EMAIL PROTECTED]
To: Andres Salomon [EMAIL PROTECTED]
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100

Hi!

Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe 
you can add the CAN-numbers to the changelog?

Cheers,
Stefan
==
  * 2.6.11.2 [SECURITY] epoll: return proper error on overflow 

Bug#296897: marked as done (CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit arches)

2005-03-17 Thread Debian Bug Tracking System
Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id [EMAIL PROTECTED]
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Stefan Fritsch [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2005-0532: Buffer overflow in reiserfs_copy_from_user... on 64bit 
arches
Date: Fri, 25 Feb 2005 15:05:58 +0100

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole

Cite:
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for
Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit
architectures, may allow local users to trigger a buffer overflow as a result
of casting discrepancies between size_t and int data types.

The offending code is also in 2.6.8. A fix is at
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]

The original advisory is at
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2


Please fix 2.6.9 and 2.6.10 as well. I have also looked at 2.4.27 but couldn't
find any similar code.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils              2.15-5   The GNU assembler, linker and bina
ii  bzip2                 1.0.2-5  high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2  The GNU core utilities
ii  fileutils             5.2.1-2  The GNU file management utilities

-- no debconf information

---
From: Stefan Fritsch [EMAIL PROTECTED]
To: Andres Salomon [EMAIL PROTECTED]
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100

Hi!

Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe 
you can add the CAN-numbers to the changelog?

Cheers,
Stefan

Bug#296899: marked as done (CAN-2005-0531: Buffer overflow in atm_get_addr)

2005-03-17 Thread Debian Bug Tracking System
Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id [EMAIL PROTECTED]
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Stefan Fritsch [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2005-0531: Buffer overflow in atm_get_addr
Date: Fri, 25 Feb 2005 15:16:58 +0100

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: root security hole

Cite:
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before
2.6.11-rc4 may allow local users to trigger a buffer overflow via negative
arguments.

The offending code is also in 2.6.8 and 2.4.27.

Fix:
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]

Advisory:
http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2

Please fix also 2.6.9 and 2.6.10

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

---
From: Stefan Fritsch [EMAIL PROTECTED]
To: Andres Salomon [EMAIL PROTECTED]
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100

Hi!

Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe 
you can add the CAN-numbers to the changelog?

Cheers,
Stefan
==
  * 2.6.11.2 [SECURITY] epoll: return proper error on overflow 
condition
(Maximilian Attems)

#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait 



  * [SECURITY] 115-proc_file_read_nbytes_signedness_fix.dpatch
Heap overflow fix in /proc; WDYBTGT3-1 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN# assigned yet, afaik (Andres Salomon).

#296900: CAN-2005-0529: Buffer overflow in proc_file_read 



  * [SECURITY] 116-n_tty_copy_from_read_buf_signedness_fixes.dpatch
copy_from_read_buf() fix; WDYBTGT3-2 on
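
The three reports closed above (CAN-2005-0530, CAN-2005-0531, CAN-2005-0532) describe one bug class: a length that is signed, or narrowed between size_t and int, reaching a copy without a range check. A user-space sketch of that pattern beside a hardened form follows; it is an added illustration, not the kernel's code, and the ring buffer and every function name in it are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t (POSIX) */

#define RING_SIZE 16u    /* constructed buffer size for the demo */

/* Hypothetical stand-in for a driver read buffer; not a kernel structure. */
struct ring {
    unsigned char buf[RING_SIZE];
    size_t tail;    /* index of the next byte to hand out */
    size_t count;   /* bytes currently stored */
};

/* Store up to len bytes at the head of the ring; returns how many fitted. */
size_t ring_put(struct ring *r, const unsigned char *src, size_t len)
{
    size_t stored = 0;
    while (stored < len && r->count < RING_SIZE) {
        r->buf[(r->tail + r->count) % RING_SIZE] = src[stored++];
        r->count++;
    }
    return stored;
}

/* BEFORE: the requested length is signed and is only compared against the
 * amount available. A negative request is "smaller" than any count, so it
 * survives the min() and turns into a huge value when converted to the
 * unsigned length a copy routine takes. This function only returns that
 * length; it copies nothing. */
size_t unchecked_copy_len(const struct ring *r, ssize_t nr)
{
    ssize_t avail = (ssize_t)r->count;
    ssize_t n = nr < avail ? nr : avail;   /* signed min: -1 wins */
    return (size_t)n;                      /* conversion at the copy call */
}

/* AFTER: reject negative requests first, then do all arithmetic unsigned and
 * clamp against both the data available and the destination capacity. */
ssize_t checked_read(struct ring *r, unsigned char *dst, size_t dst_cap,
                     ssize_t nr)
{
    if (nr < 0)
        return -1;

    size_t n = (size_t)nr;
    if (n > r->count)
        n = r->count;
    if (n > dst_cap)
        n = dst_cap;

    size_t first = RING_SIZE - r->tail;     /* bytes before the wrap point */
    if (first > n)
        first = n;
    memcpy(dst, r->buf + r->tail, first);
    memcpy(dst + first, r->buf, n - first); /* wrapped remainder, may be 0 */

    r->tail = (r->tail + n) % RING_SIZE;
    r->count -= n;
    return (ssize_t)n;
}

/* Check to make before a size_t length is stored in or passed as an int,
 * the size_t/int discrepancy the 64-bit report describes. */
int length_fits_int(size_t len)
{
    return len <= (size_t)INT_MAX;
}

int main(void)
{
    struct ring r = { {0}, 12, 0 };   /* tail near the end to force a wrap */
    unsigned char out[8];

    ring_put(&r, (const unsigned char *)"abcdef", 6);
    printf("unchecked length for nr=-1: %zu\n", unchecked_copy_len(&r, -1));
    printf("checked read for nr=-1:     %zd\n",
           checked_read(&r, out, sizeof out, -1));
    printf("checked read for nr=100:    %zd\n",
           checked_read(&r, out, sizeof out, 100));
    return 0;
}
```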

Bug#299865: marked as done (CAN-2005-0736: Boundary condition error in sys_epoll_wait)

2005-03-17 Thread Debian Bug Tracking System
Your message dated Thu, 17 Mar 2005 12:02:03 +0100
with message-id [EMAIL PROTECTED]
and subject line vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Geoff Crompton [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2005-0736: Boundary condition error in sys_epoll_wait
Date: Thu, 17 Mar 2005 11:31:58 +1100

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: critical
Justification: root security hole

There is a local integer overflow vulnerability in the sys_epoll_wait()
call. See following for detail:
http://www.securityfocus.com/bid/12763/

Apologies if already reported.

---
From: Stefan Fritsch [EMAIL PROTECTED]
To: Andres Salomon [EMAIL PROTECTED]
Subject: vulnerabilites fixed in kernel-source-2.6.8 (2.6.8-14)
Date: Thu, 17 Mar 2005 12:02:03 +0100

Hi!

Some of the fixes in 2.6.8-14 are missing CAN- and bug numbers. Maybe 
you can add the CAN-numbers to the changelog?

Cheers,
Stefan
==
  * 2.6.11.2 [SECURITY] epoll: return proper error on overflow 
condition
(Maximilian Attems)

#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait 



  * [SECURITY] 115-proc_file_read_nbytes_signedness_fix.dpatch
Heap overflow fix in /proc; WDYBTGT3-1 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN# assigned yet, afaik (Andres Salomon).

#296900: CAN-2005-0529: Buffer overflow in proc_file_read 



  * [SECURITY] 116-n_tty_copy_from_read_buf_signedness_fixes.dpatch
copy_from_read_buf() fix; WDYBTGT3-2 on
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
No CAN#, yet (Andres Salomon).

#296901: CAN-2005-0530: information disclosure because of signedness 
error 

Re: short random freezes.

2005-03-17 Thread g . bonacci
On Tue, Mar 08, 2005 at 10:38:17AM +0100, [EMAIL PROTECTED] wrote:
> Greetings.
>
> I've been running sarge in the last year, and recently I performed
> an aptitude dist-upgrade that, among other packages, upgraded
> kernel-image-2.6.8-1-686 to kernel-image-2.6.8-2-686.
>
> Thereafter, my PCs and (non-critical) servers sometimes freeze for a
> short time (typically about a second) during which keyboard, mouse and
> display seem inactive.  The frequency of freezes increases significantly
> under heavy load.
>
> This has usually no consequence on processes running, but seems to confuse
> real-time applications like mplayer.
>
> I tried to isolate the problem by changing windowmanager, but to no
> effect. Now I would like to revert to the old kernel-image-2.6.8-1-686,
> and check whether the problem disappears.  But unfortunately, the deb
> seems to have already disappeared from the pool.
>
> Could you please tell me where to find the kernel-image-2.6.8-1-686
> package?
 

Greetings. 

I assume that none of you could manage to find the time to even read my
previous message.  But in case someone actually did, he should know that
the problem has been filed as bug 294030 (package chrony), and maybe
the kernel is not involved at all.

g.b.





Bug#271315: kernel-image-2.6.8-2-sparc64: Breaks Type5c keyboard, too

2005-03-17 Thread Lionel Elie Mamane
Package: kernel-image-2.6.8-2-sparc64
Version: 2.6.8-6
Followup-For: Bug #271315

I confirm hitting this bug with a Type 5c keyboard, on an UltraSparc
5, too. Keymap is completely baroque, e.g. the delete key acts as
enter, some Fn keys act as normal characters like u or n and
$DEITY knows what key activated caps lock.

2.4.27-2-sparc64 kernel works OK.

-- 
Lionel





Bug#300083: kernel-image-2.6.8-powerpc: problemes with the clock on a mac mini

2005-03-17 Thread Nils Bruenggel
Package: kernel-image-2.6.8-powerpc
Version: 2.6.8-11
Severity: important


I have noticed that the clock in the evening differs about 15 min
from the actual time. My mac mini runs 24/7 with ntpdate running daily
to sync the clock.

I also noticed that hwclock does not work at all for example:

[ linapple ~ # ntpdate time.ethz.ch
17 Mar 16:11:00 ntpdate[21647]: step time server 129.132.97.15 offset -25169.568464 sec
[ linapple ~ # date
Thu Mar 17 16:11:02 CET 2005
[ linapple ~ # hwclock --show
time in rtc is Thu Mar 17 23:10:37 2005
[ linapple ~ # date
Thu Mar 17 23:10:41 CET 2005


[ linapple ~ # hwclock --show sets the clock to the hwclock, just
hwclock does the same. I also cannot set the hwclock (--systohc).

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.8-powerpc
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages kernel-image-2.6.8-powerpc depends on:
ii  initrd-tools      0.1.77     tools to create initrd image for p
ii  mkvmlinuz         13         create a kernel to boot a PowerPC
ii  module-init-tools 3.2-pre1-2 tools for managing Linux kernel mo
-- no debconf information





Bug#299567: lots o space

2005-03-17 Thread dann frazier
On Mon, 2005-03-14 at 22:16 -0800, Matt Taggart wrote:
> dann frazier writes...
>
> > fyi, I have a patch to the kernel-image build system that would spit out
> > a separate package w/ a debug kernel image  module set under /usr/lib.
> > I did this in the 2.4.25 timeframe, and I was getting ~204M debug
> > packages per flavor.  I don't know how big it would be for just the
> > image (no modules).
>
> dannf, I assume flavor means each kernel-image source package and the
> various kernel-image packages it delivers?

Yeah.

> That seems like quite a burden for the archive. I can think of a couple ways
> to handle this,
>
> 1) implement debug packages in the packaging, but don't build them as part of
> the default build target. Put instructions in the source on which rule to use
> to build your own. The oprofile package could refer users to these. This would
> mean each user who wanted them would need to build them which sucks, but this
> is easily implemented.

Not a bad idea - seems like the initial support could go into kernel
package, and we could honor the DEB_BUILD_OPTIONS=debug env var.

-- 
dann frazier [EMAIL PROTECTED]






Bug#299865: CAN-2005-0736: Boundary condition error in sys_epoll_wait

2005-03-17 Thread Joey Hess
Geoff Crompton wrote:
> Package: kernel-source-2.6.8
> Version: 2.6.8-13
> Severity: critical
> Justification: root security hole
>
> There is a local integer overflow vulnerability in the sys_epoll_wait()
> call. See following for detail:
> http://www.securityfocus.com/bid/12763/
>
> Apologies if already reported.

This was already fixed in 2.6.8-14, although AFAIK we've yet to get
the kernel-images built from it.

-- 
see shy jo




Bug#299875: ppp: out-of-memory 30min after LCP terminated by peer

2005-03-17 Thread Christian Kujau
Justin Pryzby wrote:
> I assume that you have seen this:
>   http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.4

yes i have *now*. obviously this was a security issue (CAN-2005-0384)
and i *guess* that's why the issue was not discussed in public. what a pity
and what a waste of time in tracking this down when the security guys are
already on it and release a fix out-of-the-box.

> If not .. tag patch:)  In less than 100 lines, even!

yes, 2.6.11.4 is out including this fix. Marco d'Itri commented:

> Paul Mackerras says that this bug affects all kernels (2.4 and 2.6) and
> can be easily triggered remotely, but is only a CPU DoS.
--^

actually my problem was *not* about a CPU DoS but a (out-of)memory DoS.
cpu was spinning normally. and i was not able to tell the exact kernel
version when the problem started - instead my research led to the
assumption that the new ppp package was to blame.

well, i'm already compiling 2.6.11.4, i'll see what it gives.

thank you for your concern,
Christian.
-- 
BOFH excuse #188:

..disk or the processor is on fire.





HiSax/Kernel patch for ISDN card SITECOM PCI DC-105V2

2005-03-17 Thread Philippe Oerthel
Hello,

I have had some difficulties getting my ISDN card running (SITECOM PCI 
DC-105V2). Rasca [EMAIL PROTECTED] gave me a useful solution:

http://mpx.freeshell.net/sitecom_dc105v2.html  :




Step by Step
The files you have to modify (from inside /usr/src): 
include/linux/pci_ids.h
drivers/isdn/hisax/config.c
drivers/isdn/hisax/hfc_pci.c
In pci_ids.h add the following two lines behind the line /* Vendors and
devices ..:
#define PCI_VENDOR_ID_SITECOM   0x182d
#define PCI_DEVICE_ID_DC105V2   0x3069

In config.c after the second appearance of the line #ifdef
CONFIG_HISAX_HFC_PCI add the line (you should see some kind of list
here):


{PCI_VENDOR_ID_SITECOM, PCI_DEVICE_ID_DC105V2, PCI_ANY_ID, PCI_ANY_ID},

In hfc_pci.c at the end of the id_list[] you have to add the following
line:


{PCI_VENDOR_ID_SITECOM, PCI_DEVICE_ID_DC105V2, "Sitecom Europe B.V.", "DC-105 V2"},

And, of course ensure that in .config CONFIG_HISAX_HFC_PCI is
defined.. 
Recompile the kernel modules and install them. That's it. Now your
sitecom card should be recognized. 




I have tried with a kernel image using kernel-source-2.4.27 (2.4.27-8), 
and it works.

Rasca told me that he has informed the HiSax team, but it would be great
to already have this patch in sarge (kernel-source / kernel-image).


Kind Regards

Philippe Oerthel


Some infos :

Linux version 2.4.27 ([EMAIL PROTECTED]) (version gcc 3.3.4 (Debian 
1:3.3.4-13)) #1 sam fév 26 22:57:40 CET 2005


:00:11.0 Network controller: SiteCom Europe BV ISDN PCI DC-105V2 
(rev 02)
Subsystem: SiteCom Europe BV ISDN PCI DC-105V2
Flags: bus master, medium devsel, latency 16, IRQ 10
I/O ports at fff0 [disabled] [size=8]
Memory at fff7f800 (32-bit, non-prefetchable) [size=256]
Capabilities: [40] Power Management version 1

HiSax: Linux Driver for passive ISDN cards
HiSax: Version 3.5 (module)
HiSax: Layer1 Revision 1.1.4.1
HiSax: Layer2 Revision 1.1.4.1
HiSax: TeiMgr Revision 1.1.4.1
HiSax: Layer3 Revision 1.1.4.1
HiSax: LinkLayer Revision 1.1.4.1
HiSax: Approval certification failed because of
HiSax: unauthorized source code changes
HiSax: Total 1 card defined
HiSax: Card 1 Protocol EDSS1 Id=line0 (0)
HiSax: HFC-PCI driver Rev. 1.1.4.1
HiSax: HFC-PCI card manufacturer: Sitecom Europe B.V. card name: DC-105 V2
HiSax: DSS1 Rev. 1.1.4.1
HiSax: 2 channels added
HiSax: MAX_WAITING_CALLS added
HiSax: debugging flags card 1 set to 4
HiSax: debugging flags card 1 set to 4
HiSax: debugging flags card 1 set to 4
HiSax: debugging flags card 1 set to 4
HiSax: debugging flags card 1 set to 4








Re: 2.6.11-1 status, ready for an upload this WE ?

2005-03-17 Thread Horms
On Fri, Mar 11, 2005 at 03:50:59PM +0100, Sven Luther wrote:
 Hello,
 
 I have looked at the 2.6.11 kernel status again, and it seems to me that from
 the remaining TODO items of the 2.6.10-2.6.11 porting, we had the following
 things still on TODO :
 
   1) the ia64 patch. Those will be dropped and new patches need to be
   provided. that can happen post -1 though, especially as there was no
   activity from the ia64 kernel guys yet.
 
   2) tg3 firmware pruning, and other stuff relative to the non-free firmware
   issue.
 
 And naturally any other stuff we would see happening, but none are really
 important as to block -1 i think.
 
 So i would like that we aim at a 2.6.11-1 upload somewhen this WE, maybe on
 sunday, does this sound possible ? Who is ready to upload 2.6.11-1
 kernel-images ? I will be able to provide powerpc images together with the
 kernel-source upload.
 
 Also, since this is not a sarge candidate kernel, the consensus on irc seems
 to be to not continue with the firmware module pruning, but to drop the
 modules altogether, and package them in non-free.
 
 I would suggest that we go at this in two ways, with maybe a temporary
 non-freeness in main :
 
   1) we package the plain 2.6.11 as provided by upstream in main and upload
   it. Those non-free firmware blobs are for the most part in main already, and
   it seems the RM (well ex-RM but he was RM back then), said that it was
   acceptable for sarge, so ...

Doesn't that mean that the non-free bits will live in the orig.tar.gz
forever? Is this a problem? If not is it a problem not to prune them
from the tree later, rather just not compile them?

-- 
Horms





Re: Kernel files in Testing that probably shouldn't be there

2005-03-17 Thread Horms
Indeed they should not be there.
I guess the best thing to do is to file
a bug against the archive and then ping one 
of the ftp-masters.

On Fri, Mar 11, 2005 at 12:43:34PM -0600, Jeffrey Austen wrote:
 I noticed several kernel files in testing which probably should not be 
 there. Here is a list of files and reasons.
 
 === Missing kernel source 2.4.19
 kernel-patch-2.4.19-arm (20031211)   [1]
 
 === Missing kernel source 2.6.10
 kernel-headers-2.6.10-1 (2.6.10-1)
 kernel-headers-2.6.10-1-32 (2.6.10-1)
 kernel-headers-2.6.10-1-32-smp (2.6.10-1)
 kernel-headers-2.6.10-1-64 (2.6.10-1)
 kernel-headers-2.6.10-1-64-smp (2.6.10-1)
 kernel-headers-2.6.10-1-generic (2.6.10-1)
 kernel-headers-2.6.10-1-s390 (2.6.10-2)
 kernel-headers-2.6.10-1-s390x (2.6.10-2)
 kernel-headers-2.6.10-1-smp (2.6.10-1)
 kernel-image-2.6.10-1-32 (2.6.10-1)
 kernel-image-2.6.10-1-32-smp (2.6.10-1)
 kernel-image-2.6.10-1-64 (2.6.10-1)
 kernel-image-2.6.10-1-64-smp (2.6.10-1)
 kernel-image-2.6.10-1-generic (2.6.10-1)
 kernel-image-2.6.10-1-s390 (2.6.10-2)
 kernel-image-2.6.10-1-s390-tape (2.6.10-2)
 kernel-image-2.6.10-1-s390x (2.6.10-2)
 kernel-image-2.6.10-1-smp (2.6.10-1)
 kernel-patch-2.6.10-hppa (2.6.10-1)   [2]
 kernel-patch-2.6.10-s390 (2.6.10-2)   [2]
 
 [1] mentioned in http://lists.debian.org/debian-kernel/2005/02/msg00552.html
 [2] mentioned in http://lists.debian.org/debian-devel/2005/03/msg00512.html
 
 Jeff
 
 

On Fri, Mar 11, 2005 at 12:52:08PM -0600, Jeffrey Austen wrote:
 I noticed several kernel files in unstable which probably should not be 
 there. Here is a list of files and reasons.
 
 === Missing kernel source 2.4.19
 kernel-patch-2.4.19-arm (20031211)
 
 === Missing kernel source 2.6.9
 kernel-headers-2.6.9-9 (2.6.9-4)
 kernel-headers-2.6.9-9-amd64-generic (2.6.9-4)
 kernel-headers-2.6.9-9-amd64-k8 (2.6.9-4)
 kernel-headers-2.6.9-9-amd64-k8-smp (2.6.9-4)
 kernel-headers-2.6.9-9-em64t-p4 (2.6.9-4)
 kernel-headers-2.6.9-9-em64t-p4-smp (2.6.9-4)
 kernel-image-2.6.9-9-amd64-generic (2.6.9-4)
 kernel-image-2.6.9-9-amd64-k8 (2.6.9-4)
 kernel-image-2.6.9-9-amd64-k8-smp (2.6.9-4)
 kernel-image-2.6.9-9-em64t-p4 (2.6.9-4)
 kernel-image-2.6.9-9-em64t-p4-smp (2.6.9-4)
 
 Jeff
 
 


-- 
Horms





Re: kernel-image-2.6.10-1-686-smp and kernel-image-2.6.10-9-amd64-k8-smp don't boot on dual-opteron

2005-03-17 Thread Horms
On Sat, Mar 12, 2005 at 10:42:41AM +0100, Bernd Herd wrote:
 Hallo,
 
 I'm running a dual-opteron box Celsius V810 with testing 
 kernel-image-2.6.8-2-686-smp  and kernel-image-2.6.8-10-amd64-k8-smp 
 does also work (just that X cannot find the mouse before I do cp -a 
 /.dev/psaux /dev/psaux).
 
 But both 2.8.10 smp Packages crash immediately within a second after 
 loading the kernel. Something like killing interrupt handler.
 
 The powernow-k8 module does not work so I wanted to try the 2.6.10 
 Kernel to see if it is fixed.
 
 I don't feel an urging need to switch to 2.6.10, but since those 
 problems are not in the error database I thought I'd ask what to do 
 about it.
 
 I'm not reading this mailing list, so please CC on my E-Mail address.

Currently there is an effort to get a 2.6.11 package together.
It's in SVN for the game. Though I am not sure what the status
of the amd64 bits are.

-- 
Horms





Bug#299204: This was broken by 06_ptrace-fix.dpatch

2005-03-17 Thread Horms
On Sun, Mar 13, 2005 at 05:38:33AM +0100, Thiemo Seufer wrote:
 tags 299204 +confirmed
 reassign 299204 kernel-patch-2.4.27-mips
 thanks
 
 This bug is generic for all debian mips/mipsel 2.4.27 kernels, caused
 by a broken patch. A fixed version is available in the debian-kernel
 SVN, I plan to wait with an upload for the updated debian source
 (2.4.27-9).

FYI, I am progressing on the kernel-source aspect of that upload, slowly.

-- 
Horms





Bug#300162: [CAN-2004-1191]: Improper command checking for CDs, allowing local users to conduct unauthorized writes to firmware

2005-03-17 Thread Micah Anderson
Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: normal
Tags: security patch

Hello,

CAN-2004-1190 reads:

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not
properly check commands sent to CD devices that have been opened
read-only, which could allow local users to conduct unauthorized write
activities to modify the firmware of associated SCSI devices. 

The Suse Advisory is here:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html

It unfortunately doesn't provide much detail, so I have been in
contact with the Suse security team to track down what this is, and
how they fixed it.

Apparently there was a patch introduced in 2.6.8 to avoid firmware
overwrites happening with read-only opened /dev/cdrom devices. Some
burner programs opened those devices with O_RDONLY but then started to
burn or blank the CDs, but the more severe problem is that
unprivileged users could destroy the firmware of SCSI related
devices, rendering the devices completely useless.

Although the fix was put into 2.6.8, it was found afterwards that
these were not a complete solution to the security problem, so there
were bug fixes done in later patches. Version 2.6.10 is completely
fixed, but there are some missing patches from 2.6.8 that leave this
unfixed in our 2.6.8, as far as I can determine.

According to the Suse security people, the details in the changelog at
this location show what needs to be patched:

http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c

along with the thread on this subject here:

http://groups-beta.google.com/group/linux.kernel/browse_frm/thread/5cfe44b11c8a99c5/ed58b3d4b1cfa39b?q=scsi_ioctl+firmware#ed58b3d4b1cfa39b

Taking these two, I've compared our kernel-source-2.6.8 tree and found
that the following patches should be applied:

http://linux.bkbits.net:8080/linux-2.6/diffs/drivers/block/[EMAIL PROTECTED]/drivers/block/scsi_ioctl.c
http://linux.bkbits.net:8080/linux-2.6/diffs/drivers/block/[EMAIL PROTECTED]/drivers/block/scsi_ioctl.c
http://linux.bkbits.net:8080/linux-2.6/diffs/drivers/block/[EMAIL PROTECTED]/drivers/block/scsi_ioctl.c
http://linux.bkbits.net:8080/linux-2.6/diffs/drivers/block/[EMAIL PROTECTED]/drivers/block/scsi_ioctl.c

I should note that I do not fully understand this issue, I simply have
done the legwork to determine that these patches have not been applied
to kernel-source-2.6.8 and that according to Suse, the last relevant
patch for this issue is the 1.61 revision patch (the last one in the
list of four above). 

N.B.: There is one changeset in the bkbits.net site from 10 weeks ago, that
has the changelog entry, fix exploitable hole -- according to Suse, this is
misleading and incorrect (and is not included in the patches above).

Micah


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils              2.15-5   The GNU assembler, linker and bina
ii  bzip2                 1.0.2-5  high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2  The GNU core utilities
ii  fileutils             5.2.1-2  The GNU file management utilities

-- no debconf information


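The command check this report describes, sketched as an added example (it is not the kernel's scsi_ioctl.c code or SUSE's patch): a default-deny opcode table in which a read-only open may send only read-safe commands, media-writing commands need a writable open, and everything else, WRITE BUFFER included, needs privilege. The function, table and flag names are assumptions made for illustration; the opcodes are the standard SCSI values.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard SCSI/MMC operation codes used in this sketch. */
enum {
    OP_TEST_UNIT_READY = 0x00,
    OP_INQUIRY         = 0x12,
    OP_READ_CAPACITY   = 0x25,
    OP_READ_10         = 0x28,
    OP_WRITE_10        = 0x2A,
    OP_WRITE_BUFFER    = 0x3B, /* can carry a microcode (firmware) download */
    OP_READ_TOC        = 0x43,
    OP_BLANK           = 0xA1
};

#define SAFE_FOR_READ  0x01u /* harmless on a descriptor opened O_RDONLY */
#define SAFE_FOR_WRITE 0x02u /* alters media: needs a writable descriptor */

/* Hypothetical policy table indexed by opcode. Entries not listed are 0,
 * so unknown or vendor-specific commands are denied by default. */
static const uint8_t cmd_policy[256] = {
    [OP_TEST_UNIT_READY] = SAFE_FOR_READ,
    [OP_INQUIRY]         = SAFE_FOR_READ,
    [OP_READ_CAPACITY]   = SAFE_FOR_READ,
    [OP_READ_10]         = SAFE_FOR_READ,
    [OP_READ_TOC]        = SAFE_FOR_READ,
    [OP_WRITE_10]        = SAFE_FOR_WRITE,
    [OP_BLANK]           = SAFE_FOR_WRITE
};

/* Returns 0 if the caller may send this opcode, -EPERM otherwise.
 * opened_for_write: the device node was opened with write access.
 * privileged: caller holds the raw-I/O privilege (assumed flag). */
int check_scsi_command(uint8_t opcode, bool opened_for_write, bool privileged)
{
    uint8_t flags = cmd_policy[opcode];

    if (flags & SAFE_FOR_READ)
        return 0;
    if ((flags & SAFE_FOR_WRITE) && opened_for_write)
        return 0;
    /* Everything else, WRITE BUFFER included, is privileged-only. */
    return privileged ? 0 : -EPERM;
}

int main(void)
{
    printf("READ(10), O_RDONLY:   %d\n", check_scsi_command(OP_READ_10, false, false));
    printf("BLANK, O_RDONLY:      %d\n", check_scsi_command(OP_BLANK, false, false));
    printf("WRITE BUFFER, O_RDWR: %d\n", check_scsi_command(OP_WRITE_BUFFER, true, false));
    return 0;
}
```

Keying the decision on the open mode and an allow-list, rather than on a list of known-bad opcodes, is what keeps a newly discovered vendor command from slipping through.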



Processed: retitle 300162 to [CAN-2004-1190]: Improper command checking for CDs, allowing local users to conduct unauthorized writes to firmware

2005-03-17 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

 # Automatically generated email from bts, devscripts version 2.8.11
 retitle 300162 [CAN-2004-1190]: Improper command checking for CDs, allowing 
 local users to conduct unauthorized writes to firmware
Bug#300162: [CAN-2004-1191]: Improper command checking for CDs, allowing local 
users to conduct unauthorized writes to firmware
Changed Bug title.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)





Bug#300163: [CAN-2004-1191]: Race condition could allow local users to read unauthorized memory from foreign memory pages.

2005-03-17 Thread Micah Anderson
Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: normal
Tags: security patch

CAN-2004-1191 reads:

Race condition ... when run on SMP systems that have more than 4GB of
memory, could allow local users to read unauthorized memory from
foreign memory pages. Apparently it also allows remote attackers to
obtain sensitive information, caused by a vulnerability in the
smb_recv_trans2 function, could also send a specially-crafted TRANS2
SMB packet to cause a kernel memory leak.

More information about this is here:
http://www.novell.com/linux/security/advisories/2004_42_kernel.html
http://xforce.iss.net/xforce/xfdb/18137

2.6.8 needs both these patches:
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]@1.1938.197.15
http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg

The second patch has been applied to Debian's kernel-source-2.6.8, but
the first is also needed.

Micah

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils              2.15-5   The GNU assembler, linker and bina
ii  bzip2                 1.0.2-5  high-quality block-sorting file co
ii  coreutils [fileutils] 5.2.1-2  The GNU core utilities
ii  fileutils             5.2.1-2  The GNU file management utilities

-- no debconf information





Re: 2.6.11-1 status, ready for an upload this WE ?

2005-03-17 Thread Sven Luther
On Thu, Mar 17, 2005 at 05:09:38PM +0900, Horms wrote:
 On Fri, Mar 11, 2005 at 03:50:59PM +0100, Sven Luther wrote:
1) we package the plain 2.6.11 as provided by upstream in main and upload
it. Those non-free firmware blobs are for the most part in main already, and
it seems the RM (well ex-RM but he was RM back then), said that it was
acceptable for sarge, so ...
 
 Doesn't that mean that the non-free bits will live in the orig.tar.gz
 forever? Is this a problem? If not is it a problem not to prune them
 from the tree later, rather just not compile them?

I am not sure, let's do the right thing with 2.6.11 and remove them, since i
doubt we can change 2.6.8 for now anyway.

Friendly,

Sven Luther

