author | Moritz Muehlenhoff <jmm@debian.org> | 2008-04-04 08:22:59 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2008-04-04 08:22:59 +0000 |
commit | e824eab7fea625551e3ee27c390cf894cfbfba04 (patch) | |
tree | 239de3139175e9b98d4e2a45e1962aa10beb2e92 /retired/CVE-2005-0977 | |
parent | 60ddf7542af3875373d9827c167f1d51926a8f6d (diff) |
retire some issues now that Sarge support has ended
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1154 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2005-0977')
-rw-r--r-- | retired/CVE-2005-0977 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2005-0977 b/retired/CVE-2005-0977 new file mode 100644 index 00000000..77b44a61 --- /dev/null +++ b/retired/CVE-2005-0977 @@ -0,0 +1,22 @@ +Candidate: CVE-2005-0977 +References: + http://www.ubuntulinux.org/support/documentation/usn/usn-103-1 + http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg + http://lkml.org/lkml/2005/2/5/111 + http://www.securityfocus.com/bid/12970 +Description: + The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel + 2.6 does not properly verify the address argument, which allows local users + to cause a denial of service (kernel crash) via an invalid address. +Notes: + dannf> 2.4 does look vulnerable, but the 2.6 fix won't work directly because + dannf> 2.4 doesn't have i_size_read(). The 2.6 i_size_read() uses seqlocks, + dannf> which aren't in 2.4, so the port isn't trivial for me. + dannf> Forwarded to Willy Tarreau on 2008.01.17 +Bugs: 303177 +upstream: released (2.6.11) +linux-2.6: N/A +2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch] +2.4.27-sarge-security: ignored (2.4.27-10sarge6) "need porting help" +2.6.18-etch-security: N/A + |
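Review bot: The `2.4.27-sarge-security` line is retired with the status `ignored (2.4.27-10sarge6) "need porting help"`, while the Notes say 2.4 does look vulnerable and that the issue was forwarded to Willy Tarreau on 2008.01.17. The retired record therefore reads as an unresolved item with no stated outcome. The commit message gives the end of Sarge support as the reason for retiring, so consider stating that in the Notes or on that status line, and recording whether the forward led to a 2.4 port. A later reader of retired/CVE-2005-0977 could then tell that the 2.4 branch was left unfixed rather than found unaffected.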