[kernel-sec-discuss] r824 - active
dannf at alioth.debian.org
Thu May 17 20:16:17 UTC 2007
Author: dannf
Date: 2007-05-17 20:16:17 +0000 (Thu, 17 May 2007)
New Revision: 824
Modified:
active/CVE-2007-1353
Log:
flesh out and update etch status
Modified: active/CVE-2007-1353
===================================================================
--- active/CVE-2007-1353 2007-05-17 20:15:59 UTC (rev 823)
+++ active/CVE-2007-1353 2007-05-17 20:16:17 UTC (rev 824)
@@ -1,12 +1,20 @@
-Candidate:
+Candidate: CVE-2007-1353
References:
+ http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3
+ http://www.securityfocus.com/bid/23594
+ http://www.frsirt.com/english/advisories/2007/1495
+ http://secunia.com/advisories/24976
Description:
+ The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux
+ kernel before 2.4.34.3 allows context-dependent attackers to read kernel
+ memory and obtain sensitive information via unspecified vectors involving the
+ copy_from_user function accessing an uninitialized stack buffer.
Ubuntu-Description:
Notes:
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security:
+2.6.18-etch-security: pending (2.6.18.dfsg.1-12etch3) [bugfix/bluetooth-l2cap-hci-info-leaks.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security:
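Review bot: The `upstream:` and `linux-2.6:` fields are still empty after this change, even though the new Description says the issue affects kernels before 2.4.34.3 and the References point at ChangeLog-2.4.34.3. Please record the upstream fixed version there, and the 2.6 release that carries the fix, so the etch entry's bugfix/bluetooth-l2cap-hci-info-leaks.patch can be traced back to its origin. The 2.6.8-sarge, 2.4.27-sarge and 2.6.15-dapper lines are also left blank; an explicit status on each would show whether those trees have been triaged or are simply unreviewed. The Description mentions only a 2.4 version boundary while the one status filled in is for 2.6.18, so a short entry under `Notes:` stating that the 2.6 code is affected in the same way would remove the ambiguity.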