CAN-2004-0003 (under review) [mitre.org]
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
Fixed in:
linux-2.4.25/drivers/char/drm/r128_state.c
linux-2.4.26/drivers/char/drm/r128_state.c
linux-2.4.26/drivers/char/drm-4.0/r128_state.c
However, Debian's checks may be stricter?
CAN-2004-0010 (under review) [mitre.org]
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
Fixed in linux-2.4.25/fs/ncpfs/dir.c.
CAN-2004-0109 (under review) [mitre.org]
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
Fixed in linux-2.4.26/fs/isofs/rock.c.
CAN-2004-0177 (under review) [mitre.org]
The ext3 code in Linux 2.4.x does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for an ext3 file system, which allows local users to obtain sensitive information by reading the raw device.
Fixed in linux-2.4.26/fs/jbd/journal.c.
CAN-2004-0178 (under review) [mitre.org]
Unknown vulnerability in the OSS code for the Sound Blaster driver in Linux 2.4.x allows local users to cause a denial of service (crash).
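Fixed in linux-2.4.26/drivers/sound/sb_audio.c.
Vulnerability fixes may be included (Score: 1)
Even after looking at the pages linked from the advisory, I couldn't really tell…
They are included. (Score: 2, Informative)
I couldn't find any others.
Re: They are included. (Score: 2, Informative)
As a result, I believe all of the points Debian lists are already fixed in 2.4.26.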