[Secure-testing-commits] r11698 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Apr 23 15:44:30 UTC 2009
Author: gilbert-guest
Date: 2009-04-23 15:44:30 +0000 (Thu, 23 Apr 2009)
New Revision: 11698
Modified:
data/CVE/list
Log:
info on /dev/mem issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-23 09:14:13 UTC (rev 11697)
+++ data/CVE/list 2009-04-23 15:44:30 UTC (rev 11698)
@@ -100,8 +100,13 @@
CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
NOT-FOR-US: Windows Media Player
CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability]
- - linux-2.6 2.6.29-1 (unimportant; bug #524373)
+ - linux-2.6 2.6.29-1 (low; bug #524373)
+ [etch] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatibility problems in the stable releases)
+ [lenny] - linux-2.6 <no-dsa> (the solution, STRICT_DEVMEM=Y, could potentially lead to unanticipated compatiblity problems in the stable releases)
NOTE: This is about an additional hardening feature, not a security issue
+ NOTE: - isn't hardening an aspect of security?
+ NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn't you do so?
+ NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
- pptp-linux <unfixed> (low; bug #523476)
CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
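Review bot: In the /dev/mem entry the urgency is raised from "unimportant" to "low", but the unchanged context line "NOTE: This is about an additional hardening feature, not a security issue" is left in place directly below the new lines, so the entry now argues with itself. The three added NOTE lines are phrased as questions and as a reply to that note ("isn't hardening an aspect of security?"), which reads as a discussion thread rather than tracker data. I would either remove or reword the older NOTE in the same commit, or keep the debate on the list and record one declarative NOTE giving the reason for the "low" rating (fixed in unstable, tracked under bug #524373). Also, the added [lenny] line spells "compatiblity" where the otherwise identical [etch] line has "compatibility"; the two <no-dsa> reasons should match.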