retire two more issues

record upstream fix


git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@773 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 35 insertions, 0 deletions

diff --git a/retired/CVE-2006-5701 b/retired/CVE-2006-5701
new file mode 100644
index 00000000..9b1ba7b2
--- /dev/null
+++ b/retired/CVE-2006-5701
@@ -0,0 +1,35 @@
+Candidate: CVE-2006-5701
+References: 
+ http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
+ http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237
+Description: 
+ Double free vulnerability in squashfs module in the Linux kernel
+ 2.6.x, as used in Fedora Core 5 and possibly other distributions,
+ allows local users to cause a denial of service by mounting a crafted
+ squashfs filesystem.
+Ubuntu-Description: 
+ Certain corrupted squashfs file system images caused a memory
+ allocation to be freed twice. By mounting a specially crafted
+ squashfs file system, a local attacker could exploit this to crash
+ the kernel.
+Notes: 
+ Ubuntu kernels have squashfs patch; not sure about Debian's.
+ dannf> Debian's do not, but we do have a kernel-patch-squashfs package
+ dannf> Marking upstream N/A, because this isn't an upstream feature
+ dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've
+        Verified that the patch in RH bugzilla applies and fixes the bug.
+ dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit
+        this problem. I tested by hexediting the reproducer fs to advertise
+        v2 since v3 is not supported in sarge, which may have just masked
+        the problem.
+ dannf> Released in squashfs (1:3.1r2-6.1) which is in etch
+Bugs: 
+upstream: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.12-breezy-security: N/A
+2.6.15-dapper-security: released (2.6.15-27.49)
+2.6.17-edgy-security: released (2.6.17.1-10.34)