security builds & testing needed
Kees Cook
kees at ubuntu.com
Thu Nov 22 02:38:49 UTC 2007
Hi! So, following the process Ben outlined for the security team, I've
applied a whole mess of cherry-picks that I'd like to have you guys take
a look at, build, test, etc:
http://kernel.ubuntu.com/git?p=kees/ubuntu-dapper-security.git;a=summary
[UBUNTU:drivers/net] drop invalid spin_unlock calls in skge (CVE-2006-7229)
minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
[PATCH] hugetlb: fix prio_tree unit (CVE-2007-4133)
[IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
USB: fix DoS in pwc USB video driver (CVE-2007-5093)
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
http://kernel.ubuntu.com/git?p=kees/ubuntu-edgy-security.git;a=summary
minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
[PATCH] hugetlb: fix prio_tree unit (CVE-2007-4133)
[IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
USB: fix DoS in pwc USB video driver (CVE-2007-5093)
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
http://kernel.ubuntu.com/git?p=kees/ubuntu-feisty-security.git;a=summary
minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
[IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
[JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
[IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
USB: fix DoS in pwc USB video driver (CVE-2007-5093)
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
http://kernel.ubuntu.com/git?p=kees/ubuntu-gutsy-security.git;a=summary
minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
[JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
[IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
[TCP]: Make sure write_queue_from does not begin with NULL ptr (CVE-2007-5501)
wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)
I didn't do any changelog bits yet, in case I did something ugly in my
commits.
I don't know how (or don't have hardware) to test hugetlb and pwc --
those patches aren't entirely obvious to me either, and both required
some back-porting.
I'd like to try to get these published early next week.
Thanks,
-Kees
--
Kees Cook
More information about the kernel-team
mailing list