[kernel-sec-discuss] r619 - active

Martin Pitt mpitt at costa.debian.org
Thu Oct 26 12:14:02 UTC 2006


Author: mpitt
Date: 2006-10-26 12:14:01 +0000 (Thu, 26 Oct 2006)
New Revision: 619

Modified:
   active/CVE-2006-4813
Log:
flesh out CVE-2006-4813

Modified: active/CVE-2006-4813
===================================================================
--- active/CVE-2006-4813	2006-10-26 12:00:19 UTC (rev 618)
+++ active/CVE-2006-4813	2006-10-26 12:14:01 UTC (rev 619)
@@ -1,17 +1,22 @@
 Candidate: CVE-2006-4813
 References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f
 Description: 
  The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13
  does not properly clear buffers during certain error conditions, which allows local
  users to read portions of files that have been unlinked.
 Ubuntu-Description:
+ Dmitriy Monakhov discovered an information leak in the
+ __block_prepare_write() function. During error recovery, this
+ function did not properly clear memory buffers which could allow
+ local users to read portions of unlinked files.
 Notes: 
 Bugs: 
 upstream: 
 linux-2.6:
-2.6.8-sarge-security: 
+2.6.8-sarge-security: needed
 2.4.27-sarge-security: needed
-2.6.10-hoary-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: released
+2.6.17-edgy: released
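Review bot: The upstream: and linux-2.6: fields are still empty at the end of this hunk, even though the added References line points at the fixing commit and the Description already says the flaw affects 2.6.x before 2.6.13; filling upstream: with that fixed version would make the entry self-consistent. The 2.6.15-dapper-security and 2.6.17-edgy lines are set to "released" with no package version, and since both trees are later than 2.6.13 the entry does not show whether a fix was shipped or the trees already contained it; a version on those lines or a short remark under Notes: would make that distinguishable.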



