[kernel-sec-discuss] r585 - active

Martin Pitt mpitt at costa.debian.org
Thu Sep 14 11:09:00 UTC 2006


Author: mpitt
Date: 2006-09-14 11:09:00 +0000 (Thu, 14 Sep 2006)
New Revision: 585

Modified:
   active/CVE-2006-4535
Log:
flesh out CVE-2006-4535 and add Ubuntu status

Modified: active/CVE-2006-4535
===================================================================
--- active/CVE-2006-4535	2006-09-11 08:13:10 UTC (rev 584)
+++ active/CVE-2006-4535	2006-09-14 11:09:00 UTC (rev 585)
@@ -1,8 +1,13 @@
 Candidate: CVE-2006-4535
 References: 
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9ac86727fc02cc7117ef3fe518a4d51cd573c82
 Description: 
  fix for CVE-2006-3745 sctp fix from dave miller
 Ubuntu-Description:
+ Sridhar Samudrala discovered a local Denial of Service vulnerability
+ in the handling of SCTP sockets. By opening such a socket with a
+ special SO_LINGER value, a local attacker could exploit this to crash
+ the kernel.
 Notes: 
 Bugs: 
 upstream: 
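Review bot: The `Description:` context line still reads only "fix for CVE-2006-3745 sctp fix from dave miller", which names a different CVE and does not say what CVE-2006-4535 itself is. A reader has to reach the new `Ubuntu-Description:` text to learn that this is a local denial of service through an SCTP socket opened with a special SO_LINGER value. Suggest restating that in `Description:` and making explicit how this entry relates to the CVE-2006-3745 fix. The `upstream:` field is also left empty even though the added reference points at a commit in linux-2.6.git; recording the upstream status there would keep the entry consistent with the new reference.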
@@ -10,7 +15,7 @@
 linux-2.6:
 2.6.8-sarge-security: 
 2.4.27-sarge-security:
-2.6.10-hoary-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy: needed
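Review bot: The three context lines at the top of this hunk (`linux-2.6:`, `2.6.8-sarge-security:`, `2.4.27-sarge-security:`) stay blank while all four Ubuntu branches are set to `needed`, so the file cannot distinguish "not affected" from "not yet triaged" for the Debian kernels. Suggest either filling those fields in the same change or adding a line under `Notes:` saying that the Debian status is still pending.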



