[kernel-sec-discuss] r715 - active
Dann Frazier
dannf at alioth.debian.org
Mon Mar 19 08:02:21 CET 2007
Author: dannf
Date: 2007-03-19 07:02:21 +0000 (Mon, 19 Mar 2007)
New Revision: 715
Modified:
active/CVE-2007-1388
Log:
update etch status
Modified: active/CVE-2007-1388
===================================================================
--- active/CVE-2007-1388 2007-03-18 18:06:15 UTC (rev 714)
+++ active/CVE-2007-1388 2007-03-19 07:02:21 UTC (rev 715)
@@ -1,12 +1,18 @@
Candidate: CVE-2007-1388
References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=8155
Description:
+ The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel
+ 2.6.17, and possibly other versions, allows local users to cause a denial of
+ service (oops) by calling setsockopt with the IPV6_RTHDR option name and
+ possibly a zero option length or invalid option value, which triggers a NULL
+ pointer dereference.
Ubuntu-Description:
Notes:
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-11etch1) [bugfix/ipv6_setsockopt-NULL-deref.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.12-breezy-security:
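Review bot: The status block at the end of this hunk still leaves upstream:, linux-2.6:, 2.6.8-sarge-security:, 2.4.27-sarge-security: and 2.6.12-breezy-security: empty, although the new Description says the flaw is in 2.6.17 "and possibly other versions". Now that the etch line names bugfix/ipv6_setsockopt-NULL-deref.patch, consider recording the upstream status next to the added bugzilla reference and marking each remaining branch as either still to be checked or not affected, so an empty field is not read as "unaffected". The log message "update etch status" also covers only part of the change, since the same revision adds the reference and the description.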