[kernel-sec-discuss] r687 - active
Martin Pitt
mpitt at alioth.debian.org
Tue Jan 16 11:34:13 CET 2007
Author: mpitt
Date: 2007-01-16 11:34:13 +0100 (Tue, 16 Jan 2007)
New Revision: 687
Modified:
active/CVE-2006-6054
Log:
flesh out CVE-2006-6054
Modified: active/CVE-2006-6054
===================================================================
--- active/CVE-2006-6054 2007-01-16 10:33:48 UTC (rev 686)
+++ active/CVE-2006-6054 2007-01-16 10:34:13 UTC (rev 687)
@@ -1,5 +1,6 @@
Candidate: CVE-2006-6054
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.19.y.git;a=commit;h=8d312ae11257a259d78e122fd73274b8ef4789d1
http://projects.info-pull.com/mokb/MOKB-12-11-2006.html
Description:
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a
@@ -7,10 +8,12 @@
that triggers an error in the ext2_check_page due to a length that is smaller
than the minimum.
Ubuntu-Description:
+ The ext2 file system driver did not properly handle corrupted data
+ structures. By mounting a specially crafted ext2 file system, a local
+ attacker could exploit this to crash the kernel.
Notes:
- Fixed by SuSE: http://www.novell.com/linux/security/advisories/2006_79_kernel.html
Bugs:
-upstream:
+upstream: released (2.6.20-rc5)
linux-2.6:
2.6.18-etch: needed
2.6.8-sarge-security: needed
More information about the kernel-sec-discuss
mailing list