[kernel-sec-discuss] r545 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Wed Aug 16 20:03:58 UTC 2006
Author: dannf
Date: 2006-08-16 20:03:56 +0000 (Wed, 16 Aug 2006)
New Revision: 545
Modified:
patch-tracking/CVE-2004-2660
Log:
upate description/references & mark pending in 2.6.8
Modified: patch-tracking/CVE-2004-2660
===================================================================
--- patch-tracking/CVE-2004-2660 2006-08-16 19:25:02 UTC (rev 544)
+++ patch-tracking/CVE-2004-2660 2006-08-16 20:03:56 UTC (rev 545)
@@ -1,11 +1,17 @@
Candidate: CVE-2004-2660
References:
+ CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA
+ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10
Description:
+ Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local
+ users to cause a denial of service (memory consumption) via certain O_DIRECT
+ (direct IO) write requests.
Notes:
jmm> This was only covered by MITRE in May 2006
jmm> Vulnerable code not present in 2.4
Bugs:
upstream: released (2.6.10)
+linux-2.6.16: N/A
linux-2.6: N/A
-2.6.8-sarge-security: needed
+2.6.8-sarge-security: pending (2.6.8-16sarge5) [direct-io-write-mem-leak.dpatch]
2.4.27-sarge-security: N/A
More information about the kernel-sec-discuss
mailing list