Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 59769 - sys-kernel/*2.4* - CAN-2004-0685 (USB leaks)
Summary: sys-kernel/*2.4* - CAN-2004-0685 (USB leaks)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.kernel.org/pub/linux/kerne...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-08 07:35 UTC by Matthias Geerdsen (RETIRED)
Modified: 2011-10-30 22:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
plasmaroo: Assigned_To? (plasmaroo)


Attachments
Patch (CAN-2004-0685.patch,2.74 KB, patch)
2004-08-08 08:47 UTC, Tim Yamin (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2004-08-08 07:35:26 UTC
Kernel 2.4.27 fixes among other things a few security issues, at least some of them have already been fixed with patches before....
Not sure about CAN-2004-0565 and CAN-2004-685

From the changelog:

Here is a list of the most important security issues fixed by this release:

CAN-2004-0495 (Al Viro sparse fixes)
CAN-2004-0497 (users could modify group ID of arbitrary files on the system)
CAN-2004-0535 (e1000 minor info leak)
CAN-2004-0685 (backported Conectiva usb sparse fixes)
CAN-2004-0415 (file offset pointer handling race)
CAN-2004-0565 (information leak ia64)




Reproducible: Always
Steps to Reproduce:
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-08-08 07:44:40 UTC
CAN-2004-0415 - Patched for *
CAN-2004-0495 - Patched for *
CAN-2004-0497 - Patched for *
CAN-2004-0535 - Patched for *
CAN-2004-0565 - Patched for ia64-sources; only these and {development,mm} have an ia64 KEYWORD.

CAN-2004-0685 - Not patched, 2.4 only.
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2004-08-08 08:47:20 UTC
Created attachment 37041 [details, diff]
Patch
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2004-08-08 16:18:02 UTC
All done, the following are left for their relevant maintainers:

grsec-sources: Adding solar to the CC list.
hppa-sources: Adding GMSoft to the CC list.
mips-sources: Adding Kumba to the CC list.
openmosix-sources: Adding the cluster herd to the CC list.
{pegasos,ppc}-sources: Adding dholm to the CC list.
rsbac-sources: Adding kang to the CC list.
selinux-sources: Adding the hardened herd to the CC list.
sparc-sources: Adding the Gentoo/SPARC team to the CC list.
Comment 4 solar (RETIRED) gentoo-dev 2004-08-08 16:59:02 UTC
grsec-sources 2.4.17 is in the tree. 
I'd like to pull 2.4.26 before having to add yet another patch for it.
Comment 5 Konstantin Arkhipov (RETIRED) gentoo-dev 2004-08-09 06:17:33 UTC
done openmosix-sources
Comment 6 Guy Martin (RETIRED) gentoo-dev 2004-08-09 15:59:07 UTC
Done on hppa.
Comment 7 Guillaume Destuynder (RETIRED) gentoo-dev 2004-08-10 02:41:35 UTC
all done for rsbac-sources
Comment 8 Joshua Kinard gentoo-dev 2004-08-11 02:49:28 UTC
mips-sources all patched up.
Comment 9 Gustavo Zacarias (RETIRED) gentoo-dev 2004-08-12 05:47:46 UTC
sparc-sources-2.4.27 is out and stable courtesy of Joker, fixed.
Comment 10 David Holm (RETIRED) gentoo-dev 2004-08-12 06:29:01 UTC
We are going to deprecate {ppc,pegasos}-sources as the 2.4 tree for ppc is no longer actively developed. I hope to be able to get this done later today.
Comment 11 Chris PeBenito (RETIRED) gentoo-dev 2004-08-13 20:13:21 UTC
selinux-src fixed
Comment 12 Tim Yamin (RETIRED) gentoo-dev 2004-08-26 04:50:04 UTC
GLSA 200408-24.