[kernel-sec-discuss] r683 - active
Martin Pitt
mpitt at alioth.debian.org
Tue Jan 16 11:00:44 CET 2007
Author: mpitt
Date: 2007-01-16 11:00:43 +0100 (Tue, 16 Jan 2007)
New Revision: 683
Modified:
active/CVE-2006-5757
Log:
CVE-2006-5757: add upstream GIT patch
Modified: active/CVE-2006-5757
===================================================================
--- active/CVE-2006-5757 2007-01-15 18:32:16 UTC (rev 682)
+++ active/CVE-2006-5757 2007-01-16 10:00:43 UTC (rev 683)
@@ -1,17 +1,20 @@
Candidate: CVE-2006-5757
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e5657933863f43cc6bb76a54d659303dafaa9e58
Description:
Race condition in the __find_get_block_slow function in the ISO9660
filesystem in Linux 2.6.18 and possibly other versions allows local
users to cause a denial of service (infinite loop) by mounting a
crafted ISO9660 filesystem containing malformed data structures.
Ubuntu-Description:
+ A race condition was found in the ISO9660 file system. By mounting a
+ specially crafted CD-ROM, a local attacker could exploit this to
+ trigger an infinite loop in the kernel, rendering the machine
+ unusable.
Notes:
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
- Fixed in Mandriva: http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
- apparently not yet patched upstream
Bugs:
-upstream:
+upstream: released (2.6.19-rc2)
linux-2.6:
2.6.18-etch: needed
2.6.8-sarge-security: needed
More information about the kernel-sec-discuss
mailing list