diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:08:05 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:08:05 +0000 |
commit | 6471f3dab8b9f08bf043c1fcc49f8a0bf467300a (patch) | |
tree | 7dd98d6bb1c3629dde5999bcefede30fd9d5deee /retired/CVE-2006-4813 | |
parent | 8290df912ecbf23e19610e57952fc68c45d59103 (diff) |
retire several issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@774 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2006-4813')
-rw-r--r-- | retired/CVE-2006-4813 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2006-4813 b/retired/CVE-2006-4813 new file mode 100644 index 00000000..6045237e --- /dev/null +++ b/retired/CVE-2006-4813 @@ -0,0 +1,23 @@ +Candidate: CVE-2006-4813 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=152becd26e0563aefdbc4fd1fe491928efe92d1f +Description: + The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 + does not properly clear buffers during certain error conditions, which allows local + users to read portions of files that have been unlinked. +Ubuntu-Description: + Dmitriy Monakhov discovered an information leak in the + __block_prepare_write() function. During error recovery, this + function did not properly clear memory buffers which could allow + local users to read portions of unlinked files. +Notes: + dannf> I don't think 2.4 is affected because the BH_New bit is not + dannf> cleared after get_block returns - marking 2.4.27 N/A +Bugs: +upstream: released (2.6.13-rc1) +linux-2.6: released (2.6.13-1) +2.6.8-sarge-security: released (2.6.8-16sarge6) [__block_prepare_write-recovery.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released (CVE-2006-4813) +2.6.15-dapper-security: released +2.6.17-edgy: released |