[kernel-sec-discuss] r684 - active
Martin Pitt
mpitt at alioth.debian.org
Tue Jan 16 11:07:29 CET 2007
Author: mpitt
Date: 2007-01-16 11:07:29 +0100 (Tue, 16 Jan 2007)
New Revision: 684
Modified:
active/CVE-2006-6054
active/CVE-2006-6106
Log:
flesh out CVE-2006-6106
Modified: active/CVE-2006-6054
===================================================================
--- active/CVE-2006-6054 2007-01-16 10:00:43 UTC (rev 683)
+++ active/CVE-2006-6054 2007-01-16 10:07:29 UTC (rev 684)
@@ -8,13 +8,13 @@
than the minimum.
Ubuntu-Description:
Notes:
+ Fixed by SuSE: http://www.novell.com/linux/security/advisories/2006_79_kernel.html
Bugs:
upstream:
linux-2.6:
-2.6.18-etch:
-2.6.8-sarge-security:
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.19-feisty:
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
Modified: active/CVE-2006-6106
===================================================================
--- active/CVE-2006-6106 2007-01-16 10:00:43 UTC (rev 683)
+++ active/CVE-2006-6106 2007-01-16 10:07:29 UTC (rev 684)
@@ -1,15 +1,25 @@
Candidate: CVE-2006-6106
-References:
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f4777569204cb59f2f04fbe9ef4e9a6918209104
Description:
+ Multiple buffer overflows in the cmtp_recv_interopmsg function in the
+ Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel
+ 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow
+ remote attackers to cause a denial of service (crash) and possibly
+ execute arbitrary code via CAPI messages with a large value for the
+ length of the (1) manu (manufacturer) or (2) serial (serial number)
+ field.
Ubuntu-Description:
+ Marcel Holtman discovered several buffer overflows in the Bluetooth
+ driver. By sending Bluetooth packets with specially crafted CAPI
+ messages, a remote attacker could exploit these to crash the kernel.
Notes:
Bugs:
upstream: released (2.6.33.5), released (2.6.18.6)
linux-2.6:
-2.6.18-etch:
-2.6.8-sarge-security:
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.19-feisty:
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
More information about the kernel-sec-discuss
mailing list