diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2007-06-18 21:03:46 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-06-18 21:03:46 +0000 |
commit | d039df62c5cb4db0180509865c33d688aa093e63 (patch) | |
tree | 82e6de7a8b061b621f4b6ee80261b052c0292d9f /retired/CVE-2005-4811 | |
parent | 097e6e4f41a181ed32c42324fd51fc8d5854942e (diff) |
retire some issues now resolved with the latest 2.6.8 DSA
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@860 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2005-4811')
-rw-r--r-- | retired/CVE-2005-4811 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2005-4811 b/retired/CVE-2005-4811 new file mode 100644 index 00000000..3d40676d --- /dev/null +++ b/retired/CVE-2005-4811 @@ -0,0 +1,23 @@ +Candidate: CVE-2005-4811 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c7546f8f03f5a4fa612605b6be930234d6026860 +Description: hugetlb dos +Ubuntu-Description: + David Gibson discovered a Denial of Service vulnerability in the + unmap_hugepage_area() function. By calling mmap() in a special way, a + local user could exploit this to crash the kernel. +Notes: + - Pretty old fix, applied upstream in 2.6.11 or 2.6.12. + - 2.6.10 and older have function in arch-specific + arch/*/mm/hugetlbpage.c, thus requires some manual porting work + dannf> In Debian's 2.4.27, the only existance of this function is in + ia64 code, which already has the proper check +Bugs: +upstream: released (2.6.13) +linux-2.6: released (2.6.13-1) +2.6.8-sarge-security: released (2.6.8-16sarge7) [unmap_hugepage_area-check-null-pte.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released +2.6.15-dapper-security: released +2.6.17-edgy: released +2.6.18-etch-security: N/A |