[kernel] r5070 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Dec 21 21:45:23 UTC 2005
Author: jmm-guest
Date: Wed Dec 21 21:45:22 2005
New Revision: 5070
Added:
patch-tracking/CVE-2004-0619
Log:
cryptonet driver quite likely not affecting Debian, should
be double-checked though.
Added: patch-tracking/CVE-2004-0619
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2004-0619 Wed Dec 21 21:45:22 2005
@@ -0,0 +1,28 @@
+Candidate: CVE-2004-0619
+References:
+ http://marc.theaimsgroup.com/?l=bugtraq&m=108802653409053&w=2
+ http://www.redhat.com/support/errata/RHSA-2004-549.html
+ http://www.redhat.com/support/errata/RHSA-2005-283.html
+ http://www.ciac.org/ciac/bulletins/p-047.shtml
+ http://www.securityfocus.com/bid/10599
+ http://secunia.com/advisories/11936
+ http://xforce.iss.net/xforce/xfdb/16459
+Description:
+ Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820
+ cryptonet driver allows local users to cause a denial of service (crash)
+ and possibly execute arbitrary code via a negative add_dsa_buf_bytes
+ variable, which leads to a buffer overflow.
+Notes:
+ jmm> This is apparently not in main line, but only shipped in Red Hat kernels
+Bugs:
+upstream:
+linux-2.6:
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.6.8:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
More information about the Kernel-svn-changes
mailing list