[kernel-sec-discuss] r688 - active
Martin Pitt
mpitt at alioth.debian.org
Tue Jan 16 11:40:29 CET 2007
Author: mpitt
Date: 2007-01-16 11:40:29 +0100 (Tue, 16 Jan 2007)
New Revision: 688
Modified:
active/CVE-2006-6056
Log:
flesh out CVE-2006-6056
Modified: active/CVE-2006-6056
===================================================================
--- active/CVE-2006-6056 2007-01-16 10:34:13 UTC (rev 687)
+++ active/CVE-2006-6056 2007-01-16 10:40:29 UTC (rev 688)
@@ -1,5 +1,6 @@
Candidate: CVE-2006-6056
References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d6ddf55440833fd9404138026af246c51ebeef22
MISC:http://projects.info-pull.com/mokb/MOKB-14-11-2006.html
Description:
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux
@@ -7,14 +8,17 @@
via a malformed file stream that triggers a NULL pointer dereference in the
superblock_doinit function, as demonstrated using an HFS filesystem image.
Ubuntu-Description:
+ The hfs file system driver did not properly handle corrupted data
+ structures. By mounting a specially crafted hfs file system, a local
+ attacker could exploit this to crash the kernel. This only affects
+ systems which enable SELinux (Ubuntu disables SELinux by default).
Notes:
Bugs:
-upstream:
+upstream: released (2.6.19)
linux-2.6:
-2.6.18-etch:
-2.6.8-sarge-security:
+2.6.18-etch: needed
+2.6.8-sarge-security: needed
2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.19-feisty:
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
More information about the kernel-sec-discuss
mailing list