[kernel-sec-discuss] r618 - active

Martin Pitt mpitt at costa.debian.org
Thu Oct 26 12:00:20 UTC 2006


Author: mpitt
Date: 2006-10-26 12:00:19 +0000 (Thu, 26 Oct 2006)
New Revision: 618

Modified:
   active/CVE-2006-4623
Log:
flesh out CVE-2006-4623

Modified: active/CVE-2006-4623
===================================================================
--- active/CVE-2006-4623	2006-10-26 11:49:38 UTC (rev 617)
+++ active/CVE-2006-4623	2006-10-26 12:00:19 UTC (rev 618)
@@ -1,10 +1,18 @@
-Candidate: 
+Candidate: CVE-2006-4623
 References: 
+ http://lkml.org/lkml/2006/8/20/278
 Description: 
+ The Unidirectional Lightweight Encapsulation (ULE) decapsulation
+ component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel
+ 2.6.17.8 allows remote attackers to cause a denial of service (crash)
+ via an SNDU length of 0 in a ULE packet.
 Ubuntu-Description:
 Notes: 
+ mpitt> Questionable -- rather than fixing the kernel to not send out
+	invalid ULE packets, it should be fixed to not crash upon
+	receiving one.
 Bugs: 
-upstream: 
+upstream: needed
 linux-2.6:
 2.6.8-sarge-security: 
 2.4.27-sarge-security: needed
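
Review bot: In the status lines at the end of the hunk, "upstream: needed" does not say which fix is being tracked, while the mpitt entry under Notes calls the send-side approach questionable and asks for the receive path to be fixed instead. Suggest stating in Notes that "needed" refers to a check in the ULE decapsulation code that handles an SNDU length of 0 without crashing, so the entry is not closed on the strength of a change that only stops the kernel sending invalid packets. The "linux-2.6:" and "2.6.8-sarge-security:" fields are also still empty although the description names 2.6.17.8 and 2.4.27-sarge-security is already marked needed; fill them in or mark them as pending triage.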



