pending stable kernel security updates
Kees Cook
kees at ubuntu.com
Thu Jun 26 05:58:10 UTC 2008
On Mon, Jun 23, 2008 at 10:49:39PM -0700, Kees Cook wrote:
> Hello! I've got more pending kernel updates waiting in the
> ubuntu-security git trees now:
Here's an update, given the 4 recently-public CVEs. Current state of
the CVEs, where "pending" means the fix is in the corresponding
ubuntu-security git repo:
dapper feisty gutsy hardy
CVE-2007-6282 pending pending pending pending
CVE-2007-6712 not-affected pending pending not-affected
CVE-2008-0598 needs-triage needs-triage needs-triage not-affected
CVE-2008-1615 pending pending pending pending
CVE-2008-1673 pending pending pending pending
CVE-2008-2136 pending pending pending pending
CVE-2008-2137 pending pending pending pending
CVE-2008-2148 not-affected not-affected pending pending
CVE-2008-2358 not-affected pending pending pending
CVE-2008-2372 not-affected not-affected not-affected needed
CVE-2008-2729 pending not-affected not-affected not-affected
CVE-2008-2750 not-affected not-affected not-affected pending
CVE-2008-2826 pending pending pending pending
I will likely ignore CVE-2008-2372, as I don't think it's actually a
vulnerability. What I now need help with is CVE-2008-0598 and
CVE-2008-2729. The changes are pretty different from release to
release. Looking at other vendor's patches just make me feel even less
secure about doing the merges myself. I think I have CVE-2008-2729
sorted out, but I'd to have the commit I used double-checked.
CVE-2008-0598
http://lkml.org/lkml/diff/2008/6/25/157/1
and maybe 64649a58919e66ec21792dbb6c48cb3da22cbd7f
Thanks guys,
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the kernel-team
mailing list