[kernel-sec-discuss] r579 - active
Dann Frazier
dannf at costa.debian.org
Tue Aug 29 00:25:53 UTC 2006
Author: dannf
Date: 2006-08-29 00:25:52 +0000 (Tue, 29 Aug 2006)
New Revision: 579
Modified:
active/CVE-2006-3745
Log:
upstream fix was broken, needs addition patch
Modified: active/CVE-2006-3745
===================================================================
--- active/CVE-2006-3745 2006-08-28 00:24:19 UTC (rev 578)
+++ active/CVE-2006-3745 2006-08-29 00:25:52 UTC (rev 579)
@@ -1,6 +1,7 @@
Candidate: CVE-2006-3735
References:
- http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=96ec9da385cf72c5f775e5f163420ea92e66ded2
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=96ec9da385cf72c5f775e5f163420ea92e66ded2
+ http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=e12289f0bc673dabb22be32d2df54b0ebfc7cf2b
Description: sctp potential local privilege escalation
Ubuntu-Description:
Wei Wang of McAfee Avert Labs discovered a buffer overflow in the
@@ -9,11 +10,11 @@
to execute arbitrary code with root privileges.
Notes:
Bugs:
-upstream: released (2.6.17.10)
+upstream:
linux-2.6.16: needed
linux-2.6: needed
-2.6.8-sarge-security: pending (2.6.8-16sarge5) [sctp-priv-elevation.dpatch]
-2.4.27-sarge-security: pending (2.4.27-10sarge4) [228_sctp-priv-elevation.diff]
+2.6.8-sarge-security: needed (2.6.8-16sarge5) [sctp-priv-elevation.dpatch]
+2.4.27-sarge-security: needed (2.4.27-10sarge4) [228_sctp-priv-elevation.diff]
2.6.10-hoary-security: needed
2.6.12-breezy-security: needed
2.6.15-dapper-security: needed
More information about the kernel-sec-discuss
mailing list