[kernel-sec-discuss] r730 - active
Dann Frazier
dannf at alioth.debian.org
Wed Apr 4 07:23:10 UTC 2007
Author: dannf
Date: 2007-04-04 07:23:09 +0000 (Wed, 04 Apr 2007)
New Revision: 730
Modified:
active/CVE-2007-1388
Log:
note about reproducer, sarge status
Modified: active/CVE-2007-1388
===================================================================
--- active/CVE-2007-1388 2007-03-31 23:12:06 UTC (rev 729)
+++ active/CVE-2007-1388 2007-04-04 07:23:09 UTC (rev 730)
@@ -9,14 +9,16 @@
pointer dereference.
Ubuntu-Description:
Notes:
- dannf> i don't see the same issue in the code in 2.4 or 2.6.8, haven't
- tried the reproducer yet
+ dannf> Reproducer in the RH bug doesn't work on debian as-is - you need
+ to use a hardcoded '57' instead of IPV6_RTHDR. That allows you
+ to trigger an oops on unpatched 2.6.18-era kernels, but it is not
+ reproducible in 2.4.27/2.6.8
Bugs:
upstream: released (2.6.21-rc4)
linux-2.6:
2.6.18-etch-security: pending (2.6.18.dfsg.1-11etch1) [bugfix/ipv6_setsockopt-NULL-deref.patch]
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
2.6.12-breezy-security:
2.6.15-dapper-security:
2.6.17-edgy-security:
More information about the kernel-sec-discuss
mailing list