[kernel-sec-discuss] r692 - active
Martin Pitt
mpitt at alioth.debian.org
Tue Jan 16 12:01:37 CET 2007
Author: mpitt
Date: 2007-01-16 12:01:36 +0100 (Tue, 16 Jan 2007)
New Revision: 692
Modified:
active/CVE-2006-5757
active/CVE-2006-6060
Log:
info for CVE-2006-6060
Modified: active/CVE-2006-5757
===================================================================
--- active/CVE-2006-5757 2007-01-16 10:53:07 UTC (rev 691)
+++ active/CVE-2006-5757 2007-01-16 11:01:36 UTC (rev 692)
@@ -7,12 +7,13 @@
users to cause a denial of service (infinite loop) by mounting a
crafted ISO9660 filesystem containing malformed data structures.
Ubuntu-Description:
- A race condition was found in the ISO9660 file system. By mounting a
- specially crafted CD-ROM, a local attacker could exploit this to
- trigger an infinite loop in the kernel, rendering the machine
- unusable.
+ A race condition was found in the grow_buffers() function. By mounting a
+ specially crafted ISO9660 or NTFS file system, a local attacker could
+ exploit this to trigger an infinite loop in the kernel, rendering the
+ machine unusable.
Notes:
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
+ http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
Bugs:
upstream: released (2.6.19-rc2)
linux-2.6:
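Review bot: The rewritten Ubuntu-Description places the race in grow_buffers(), but the note this same commit adds to active/CVE-2006-6060 says the bug is in the common __find_get_block_slow() function, so the two files now name different functions for what is described as one fix. Either use one function name in both places or add a line under Notes saying how the two relate. The CVE description kept as context above still mentions only ISO9660, so a Notes line stating that the NTFS case is tracked as CVE-2006-6060 would explain why the Ubuntu text is broader than the description.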
Modified: active/CVE-2006-6060
===================================================================
--- active/CVE-2006-6060 2007-01-16 10:53:07 UTC (rev 691)
+++ active/CVE-2006-6060 2007-01-16 11:01:36 UTC (rev 692)
@@ -1,8 +1,6 @@
Candidate: CVE-2006-6060
References:
MISC:http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
- XF:kernel-ntfs-dos(30418)
- URL:http://xforce.iss.net/xforce/xfdb/30418
Description:
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (CPU
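Review bot: The two removed reference lines, "XF:kernel-ntfs-dos(30418)" and its URL, are dropped without explanation, and the log message "info for CVE-2006-6060" does not cover a removal. If the entry is being dropped on purpose, say so in the log; otherwise keep it, since this leaves the MOKB link as the only reference for the candidate.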
@@ -10,13 +8,14 @@
in the __find_get_block_slow function.
Ubuntu-Description:
Notes:
+ fixed by patch for CVE-2006-5757 since the bug is in the common
+ __find_get_block_slow() function.
Bugs:
upstream:
linux-2.6:
2.6.18-etch:
-2.6.8-sarge-security:
+2.6.8-sarge-security: needed
2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
-2.6.19-feisty:
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
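Review bot: The "upstream:" field is left empty here even though the added note says the issue is fixed by the patch for CVE-2006-5757, and that file records "upstream: released (2.6.19-rc2)"; the same value belongs here so the two entries agree. The "2.6.19-feisty:" line is also deleted outright rather than given a status, and "Ubuntu-Description:" stays empty while three Ubuntu releases are marked "needed". If feisty is dropped because 2.6.19 already carries the fix, mark it as released instead of removing the line, and fill in the description (or point to the CVE-2006-5757 text) before these are used for an advisory.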