Date: Tue, 23 Mar 2010 21:12:19 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...us.mitre.org Subject: Re: CVE requests 6x kernel vulns still pending On Tue, 23 Mar 2010, Eugene Teo wrote: > 1) kernel information leak via userspace USB interface Use CVE-2010-1083 Seems reasonable to skip the secondary issue brought up by Marcus. > 2) kernel: ALSA: hda-intel: Avoid divide by zero crash Use CVE-2010-1085 > 3) kernel: NFS DoS related to "automount" symlinks What exactly is the DoS that happens here? Use CVE-2010-1088 (note that this number is out of order) > 4) kernel: dvb-core: ULE decapsulation DoS Use CVE-2010-1086 > 5) kernel: NFS: Fix an Oops when truncating a file I assume that nfs_wait_on_request() can be influenced by a non-root user to generate the interrupt that triggers the Ooops? Use CVE-2010-1087 > 6) kernel: bluetooth: potential bad memory access with sysfs files Use CVE-2010-1084 (notice how this number is out of order) All of these will be filled in sometime Wednesday. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.