[kernel] r4908 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Fri Nov 25 23:22:58 UTC 2005
Author: dannf
Date: Fri Nov 25 23:22:57 2005
New Revision: 4908
Modified:
patch-tracking/CVE-2003-0018
Log:
CVE-2003-0018 updates
Modified: patch-tracking/CVE-2003-0018
==============================================================================
--- patch-tracking/CVE-2003-0018 (original)
+++ patch-tracking/CVE-2003-0018 Fri Nov 25 23:22:57 2005
@@ -1,16 +1,28 @@
Candidate: CVE-2003-0018
References:
+ DEBIAN:DSA-358
+ DEBIAN:DSA-423
+ MANDRAKE:MDKSA-2003:014
+ REDHAT:RHSA-2003:025
+ BID:6763
+ XF:linux-odirect-information-leak(11249)
Description:
+ Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the
+ O_DIRECT feature, which allows local attackers with write privileges to
+ read portions of previously deleted files, or cause file system
+ corruption.
Notes:
+ dannf> It looks like the fix that was used in woody is to diable
+ dannf> O_DIRECT. Did a proper fix make it upstream?
Bugs:
upstream:
2.6.14:
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
-2.4.19-woody-security:
+2.4.19-woody-security: pending (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
+2.4.17-woody-security: pending (2.4.17-1woody4)
+2.4.16-woody-security: pending (2.4.16-1woody3)
+2.4.17-woody-security-hppa: pending (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
More information about the Kernel-svn-changes
mailing list