[kernel] r6278 - patch-tracking
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Mar 24 13:09:28 UTC 2006
Author: jmm-guest
Date: Fri Mar 24 13:09:02 2006
New Revision: 6278
Added:
patch-tracking/CVE-2006-1368
Log:
new dos
Added: patch-tracking/CVE-2006-1368
==============================================================================
--- (empty file)
+++ patch-tracking/CVE-2006-1368 Fri Mar 24 13:09:02 2006
@@ -0,0 +1,22 @@
+Candidate: CVE-2006-1368
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
+Description:
+ Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before
+ 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory
+ corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes
+ memory to be allocated for the reply data but not the reply structure.
+Notes:
+Bugs:
+upstream: released (2.6.16)
+linux-2.6: released (2.6.16-1)
+2.6.8-sarge-security:
+2.4.27-sarge-security:
+2.4.27:
+2.4.19-woody-security:
+2.4.18-woody-security:
+2.4.17-woody-security:
+2.4.16-woody-security:
+2.4.17-woody-security-hppa:
+2.4.17-woody-security-ia64:
More information about the Kernel-svn-changes
mailing list