[kernel-sec-discuss] r511 - patch-tracking

Martin Pitt mpitt at costa.debian.org
Fri Jul 21 12:14:43 UTC 2006


Author: mpitt
Date: 2006-07-21 12:14:43 +0000 (Fri, 21 Jul 2006)
New Revision: 511

Modified:
   patch-tracking/CVE-2006-2936
Log:
CVE-2006-2936: Ubuntu status

Modified: patch-tracking/CVE-2006-2936
===================================================================
--- patch-tracking/CVE-2006-2936	2006-07-21 12:11:08 UTC (rev 510)
+++ patch-tracking/CVE-2006-2936	2006-07-21 12:14:43 UTC (rev 511)
@@ -1,7 +1,12 @@
 Candidate: CVE-2006-2936
 References: 
  http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac5+50ec55856c6843ef9017e800c3d656;f=usb/usb-serial-ftdi_sio-prevent-userspace-dos.patch
-Description: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=224654004ca688af67cec44d9300e8c3f647577c
+Description: USB serial ftdi_sio: Prevent userspace DoS
+Ubuntu-Description:
+ The ftdi_sio driver for serial USB ports did not limit the amount of
+ pending data to be written. A local user could exploit this to drain
+ all available kernel memory and thus render the system unusable.
 Notes: 
  jmm> 2.4 not affected due to different memory allocation
 Bugs: 
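
Review bot: the added Ubuntu-Description says "A local user could exploit this" but does not say what access that user needs to the ftdi_sio serial device, so readers cannot judge exposure from the tracking file alone; suggest stating the precondition in that paragraph. Separately, the unchanged gregkh reference just above the new torvalds commit link carries a "+" inside its hb= value, which is not a hex character, so it is worth correcting that URL while the References block is being edited.
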
@@ -9,4 +14,8 @@
 linux-2.6.16: 
 linux-2.6:
 2.6.8-sarge-security: 
-2.4.27-sarge-security: N/A
\ No newline at end of file
+2.4.27-sarge-security: N/A
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: pending
+2.6.17-edgy: released
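
Review bot: the new status lines "2.6.15-dapper-security: pending" and "2.6.17-edgy: released" record a state but no package version, so the entry cannot be checked against an installed kernel; suggest appending the version that carries (or will carry) the fix. The context lines linux-2.6.16, linux-2.6 and 2.6.8-sarge-security are still empty although the Notes field only rules out 2.4, so those remain untracked after this revision.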



