[kernel] r5268 - patch-tracking
Simon Horman
horms at costa.debian.org
Thu Jan 5 08:30:00 UTC 2006
Author: horms
Date: Thu Jan 5 08:29:59 2006
New Revision: 5268
Modified:
patch-tracking/CVE-2004-2607
Log:
Pending for 2.4. N/A for 2.6
Modified: patch-tracking/CVE-2004-2607
==============================================================================
--- patch-tracking/CVE-2004-2607 (original)
+++ patch-tracking/CVE-2004-2607 Thu Jan 5 08:29:59 2006
@@ -1,8 +1,12 @@
Candidate: CVE-2004-2607
References:
http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html
+ http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=98cd917c1ac348d5cd94beabecc3011dcaa0a0f2
Description:
- [SECURITY] Fix sdla_xfer lack of bounds checking, reported by Coverity.
+ A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to
+ 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of
+ kernel memory via a large len argument, which is received as an int but
+ cast to a short, which prevents a read loop from filling a buffer.
Notes:
jmm> The referenced patch was applied by Jeff Garzik on 2004-04-16,
jmm> 2.6.6 was released on 2004-05-09, so Sarge seems not affected, should
@@ -10,12 +14,15 @@
jmm> too slim to download 2.6.8
jmm>
jmm> The fix below is for a completely different issue, I've split it out
+ horms> Fix was included in 2.6.6. Checked source and 2.6.8 is not vulnerable
+ horms> 2.4.27 is vulnerable, added fix to SVN. Woody is likely vulnerable
Bugs:
-upstream: released (2.4.29-rc2)
-linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
-2.6.8:
+upstream: pending (2.4.33-rc2), released (2.6.6)
+linux-2.6: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: pending (2.4.27-10sarge2) [200_net_sdla_xfer_leak.diff]
+2.6.8: N/A
+2.4.27: pending (2.4.27-13) [200_net_sdla_xfer_leak.diff]
2.4.19-woody-security:
2.4.18-woody-security:
2.4.17-woody-security:
More information about the Kernel-svn-changes
mailing list