[kernel-sec-discuss] r564 - active

Martin Pitt mpitt at costa.debian.org
Fri Aug 25 13:21:50 UTC 2006


Author: mpitt
Date: 2006-08-25 13:21:49 +0000 (Fri, 25 Aug 2006)
New Revision: 564

Modified:
   active/CVE-2006-4145
Log:
flesh out CVE-2006-4145

Modified: active/CVE-2006-4145
===================================================================
--- active/CVE-2006-4145	2006-08-25 13:16:16 UTC (rev 563)
+++ active/CVE-2006-4145	2006-08-25 13:21:49 UTC (rev 564)
@@ -1,10 +1,13 @@
 Candidate: CVE-2006-4145
 References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=7127be29378b1230eb8dd8b84f18d6b69c56e959
 Description: 
  Fix possible UDF deadlock and memory corruption
 Ubuntu-Description:
+ The UDF file system does not handle extends larger than 1 GB, but did
+ not check for this restriction on truncating files. A local user
+ could exploit this to crash the kernel.
 Notes:
- patch on vendor-sec, queued for upstream -stable and 2.6.18
 Bugs: 
 upstream: released (2.6.17.10)
 linux-2.6.16: 
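Review bot: In the added Ubuntu-Description, "extends" should be "extents" (the UDF allocation unit), and the sentence mixes tenses ("does not handle ... but did not check"); suggest "does not handle extents larger than 1 GB, but did not check for this restriction when truncating files". The stated impact is also narrower than the Description line above it: that line names both a deadlock and memory corruption, while the new text only says a local user can crash the kernel, so it may be worth mentioning the memory corruption as well. Dropping the "queued for upstream -stable" note is consistent with "upstream: released (2.6.17.10)", but the "linux-2.6.16:" field is still empty after this change.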



