[kernel] r5064 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 21 15:08:34 UTC 2005
Author: jmm-guest
Date: Wed Dec 21 15:08:33 2005
New Revision: 5064
Added:
patch-tracking/CVE-2005-0867
Log:
an older sysfs local root vulnerability
Added: patch-tracking/CVE-2005-0867
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2005-0867 Wed Dec 21 15:08:33 2005
@@ -0,0 +1,23 @@
+Candidate: CVE-2005-0867
+References:
+ http://www.novell.com/linux/security/advisories/2005_18_kernel.html
+Description:
+ Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel
+ memory by writing to a sysfs file.
+Notes:
+ horms> The Debian Packages for 2.6.8 and 2.6.11 do not appear to
+ horms> have this bug. 2.4.27 does not include sysfs, and thus
+ horma> also does not have this bug.
+ jmm> The patch for the vulnerability in question can be found in the BTS
+Bugs: 306137
+upstream:
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
More information about the Kernel-svn-changes
mailing list