Message-ID: <Pine.GSO.4.64.1003232056560.8753@faron.mitre.org>
Date: Tue, 23 Mar 2010 21:12:19 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...us.mitre.org
Subject: Re: CVE requests 6x kernel vulns still pending


On Tue, 23 Mar 2010, Eugene Teo wrote:

> 1) kernel information leak via userspace USB interface

Use CVE-2010-1083

Seems reasonable to skip the secondary issue brought up by Marcus.

> 2) kernel: ALSA: hda-intel: Avoid divide by zero crash

Use CVE-2010-1085

> 3) kernel: NFS DoS related to "automount" symlinks

What exactly is the DoS that happens here?

Use CVE-2010-1088 (note that this number is out of order)

> 4) kernel: dvb-core: ULE decapsulation DoS

Use CVE-2010-1086

> 5) kernel: NFS: Fix an Oops when truncating a file

I assume that nfs_wait_on_request() can be influenced by a non-root user
to generate the interrupt that triggers the Oops?

Use CVE-2010-1087

> 6) kernel: bluetooth: potential bad memory access with sysfs files

Use CVE-2010-1084 (notice how this number is out of order)


All of these will be filled in sometime Wednesday.

- Steve
