[kernel-sec-discuss] r586 - active
Martin Pitt
mpitt at costa.debian.org
Thu Sep 14 11:18:22 UTC 2006
Author: mpitt
Date: 2006-09-14 11:18:21 +0000 (Thu, 14 Sep 2006)
New Revision: 586
Modified:
active/CVE-2006-4538
Log:
add Ubuntu status to CVE-2006-4538, add trunk GIT link
Modified: active/CVE-2006-4538
===================================================================
--- active/CVE-2006-4538 2006-09-14 11:09:00 UTC (rev 585)
+++ active/CVE-2006-4538 2006-09-14 11:18:21 UTC (rev 586)
@@ -1,5 +1,6 @@
Candidate: CVE-2006-4538
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3a459756810912d2c2bf188cef566af255936b4d
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254
Description:
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC
@@ -7,6 +8,10 @@
a malformed ELF file that triggers memory maps that cross region
boundaries.
Ubuntu-Description:
+ Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
+ platforms did not sufficiently verify the memory layout. By
+ attempting to execute a specially crafted executable, a local user
+ could exploit this to crash the kernel.
Notes:
Bugs:
upstream:
@@ -14,7 +19,7 @@
linux-2.6:
2.6.8-sarge-security:
2.4.27-sarge-security:
-2.6.10-hoary-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy:
+2.6.10-hoary-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy: needed
More information about the kernel-sec-discuss
mailing list