[kernel-sec-discuss] r511 - patch-tracking
Martin Pitt
mpitt at costa.debian.org
Fri Jul 21 12:14:43 UTC 2006
Author: mpitt
Date: 2006-07-21 12:14:43 +0000 (Fri, 21 Jul 2006)
New Revision: 511
Modified:
patch-tracking/CVE-2006-2936
Log:
CVE-2006-2936: Ubuntu status
Modified: patch-tracking/CVE-2006-2936
===================================================================
--- patch-tracking/CVE-2006-2936 2006-07-21 12:11:08 UTC (rev 510)
+++ patch-tracking/CVE-2006-2936 2006-07-21 12:14:43 UTC (rev 511)
@@ -1,7 +1,12 @@
Candidate: CVE-2006-2936
References:
http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac5+50ec55856c6843ef9017e800c3d656;f=usb/usb-serial-ftdi_sio-prevent-userspace-dos.patch
-Description:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=224654004ca688af67cec44d9300e8c3f647577c
+Description: USB serial ftdi_sio: Prevent userspace DoS
+Ubuntu-Description:
+ The ftdi_sio driver for serial USB ports did not limit the amount of
+ pending data to be written. A local user could exploit this to drain
+ all available kernel memory and thus render the system unusable.
Notes:
jmm> 2.4 not affected due to different memory allocation
Bugs:
@@ -9,4 +14,8 @@
linux-2.6.16:
linux-2.6:
2.6.8-sarge-security:
-2.4.27-sarge-security: N/A
\ No newline at end of file
+2.4.27-sarge-security: N/A
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: pending
+2.6.17-edgy: released
More information about the kernel-sec-discuss
mailing list