[kernel-sec-discuss] r681 - active
Martin Pitt
mpitt at alioth.debian.org
Mon Jan 15 19:30:36 CET 2007
Author: mpitt
Date: 2007-01-15 19:30:35 +0100 (Mon, 15 Jan 2007)
New Revision: 681
Modified:
active/CVE-2006-5823
Log:
flesh out CVE-2006-5823
Modified: active/CVE-2006-5823
===================================================================
--- active/CVE-2006-5823 2007-01-15 18:21:10 UTC (rev 680)
+++ active/CVE-2006-5823 2007-01-15 18:30:35 UTC (rev 681)
@@ -1,5 +1,6 @@
Candidate: CVE-2006-5823
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8bb0269160df2a60764013994d0bc5165406cf4a
MISC:http://projects.info-pull.com/mokb/MOKB-07-11-2006.html
SECUNIA:22767
URL:http://secunia.com/advisories/22767
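Review bot: The added kernel.org reference in the References block carries no source tag, while the entries below it use MISC:, SECUNIA: and URL: prefixes. Consider giving it a prefix in the same style, or a short note saying what the commit is (for example, the fix), so a reader of the tracker file can tell its role without following the link.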
@@ -8,14 +9,17 @@
denial of service (crash) via a malformed filesystem that uses zlib
compression that triggers memory corruption, as demonstrated using cramfs.
Ubuntu-Description:
+ A buffer overread was found in the zlib_inflate() function. By
+ tricking an user into mounting a specially crafted file system which
+ uses zlib compression (such as cramfs), this could be exploited to
+ crash the kernel.
Notes:
Bugs:
upstream:
linux-2.6:
-2.6.18-etch:
-2.6.8-sarge-security:
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.19-feisty:
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
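Review bot: The 2.6.19-feisty line at the end of the status list is removed outright instead of being given a status, so the file no longer records whether that tree is affected or already contains the fix; keeping the line with an explicit status would preserve that. In the same list, upstream:, linux-2.6: and 2.4.27-sarge-security: are still empty even though the first hunk adds a kernel.org commit reference, so it is worth filling them in or marking them as unknown while this entry is being fleshed out. Two smaller points in the Ubuntu-Description text: "an user" should be "a user", and the description calls the flaw a buffer overread while the candidate text above it speaks of memory corruption, so one sentence reconciling the two would help.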