Re: CVE Request: kernel [Re: Security review of 2.6.32.28]

[Josh Bressers <bressers () redhat com>]

> > [03/49] fuse: verify ioctl retries
> > Kernel buffer overflow, but only CUSE servers could exploit it and
> > /dev/cuse is normally restricted to root.
>
> Upstream fix:
> http://git.kernel.org/linus/7572777eef78ebdee1ecb7c258c0ef94d35bad16
> Introduced in 2.6.29.

Please use CVE-2010-4650


> > [16/49] IB/uverbs: Handle large number of entries in poll CQ
> > Fixes integer overflow and information leak which I assume can be
> > triggered by unprivileged local users.
>
> Sounds like it - Documentation/infiniband/user_verbs.txt says:
>
> "Since the InfiniBand userspace verbs should be safe for use by
> non-privileged processes, it may be useful to add an appropriate MODE
> or GROUP to the udev rule."
>
> Upstream fix:
> http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93
> Introduced in 2.6.15.

Please use CVE-2010-4649


> > [20/49] orinoco: fix TKIP countermeasure behaviour
> > Fixes cryptographic weakness potentially leaking information to remote
> > (but physically nearby) users.
>
> Upstream fix:
> http://git.kernel.org/linus/0a54917c3fc295cb61f3fb52373c173fd3b69f48
> Introduced in 2.6.28.

Please use CVE-2010-4648.


> > [44/49] ima: fix add LSM rule bug
> > Allows subversion of IMA. Not relevant to Debian kernel images since
> > we
> > don't build IMA.
>
> Upstream fix:
> http://git.kernel.org/linus/867c20265459d30a01b021a9c1e81fb4c5832aa9
> Introoduced in 2.6.30.

Please use CVE-2011-0006

Thanks.

-- 
    JB