[kernel] r6619 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Sat May 20 00:44:23 UTC 2006
Author: dannf
Date: Sat May 20 00:44:19 2006
New Revision: 6619
Modified:
patch-tracking/CVE-2006-1524
Log:
pending in sarge3
Modified: patch-tracking/CVE-2006-1524
==============================================================================
--- patch-tracking/CVE-2006-1524 (original)
+++ patch-tracking/CVE-2006-1524 Sat May 20 00:44:19 2006
@@ -1,12 +1,25 @@
Candidate: CVE-2006-1524
References:
-Description: fix MADV_REMOVE vulnerability
+ CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6
+ BID:17587
+ URL:http://www.securityfocus.com/bid/17587
+ SECUNIA:19664
+ URL:http://secunia.com/advisories/19664
+ SECUNIA:19657
+ URL:http://secunia.com/advisories/19657
+Description:
+ madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow
+ file and mmap restrictions, which allows local users to bypass IPC
+ permissions and replace portions of readonly tmpfs files with zeroes,
+ aka the MADV_REMOVE vulnerability. NOTE: this description was
+ originally written in a way that combined two separate issues. The
+ mprotect issue now has a separate name, CVE-2006-2071.
Notes:
Bugs:
upstream: released (2.6.16.7)
linux-2.6:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
+2.6.8-sarge-security: pending (2.6.8-16sarge3)
+2.4.27-sarge-security: pending (2.4.27-10sarge3)
2.4.27:
2.4.19-woody-security:
2.4.18-woody-security:
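
Review bot: The two sarge lines are set to pending (2.6.8-16sarge3 and 2.4.27-10sarge3), but the Description added in this same hunk limits the madvise_remove issue to Linux kernel 2.6.16 up to 2.6.16.6, a range that contains neither 2.6.8 nor 2.4.27. The Description also says the entry originally combined two issues and that the mprotect one is now CVE-2006-2071, so please confirm which of the two the sarge3 fix actually addresses. If it is the mprotect fix, the pending status belongs in the CVE-2006-2071 file and these branches should be marked not affected here; if a backport really is needed for MADV_REMOVE, say why in the Notes: field, which is still empty. The linux-2.6: line is also left blank even though upstream is recorded as released (2.6.16.7).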