diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-20 21:46:22 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-10-20 21:46:22 +0000 |
commit | 5662f0b2a69d60db40460e71293e7d6a5f1851b1 (patch) | |
tree | c36fba9715ef3ae955a2665f49e7c0f002103bd5 /retired/CVE-2009-0748 | |
parent | c1f4a4e3307253a711eb1731f022c3b0c6f398d6 (diff) |
retire more issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1530 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-0748')
-rw-r--r-- | retired/CVE-2009-0748 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/retired/CVE-2009-0748 b/retired/CVE-2009-0748 new file mode 100644 index 00000000..dbd0be4f --- /dev/null +++ b/retired/CVE-2009-0748 @@ -0,0 +1,24 @@ +Candidate: CVE-2009-0748 +Description: + The ext4_fill_super function in fs/ext4/super.c in the Linux kernel + 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate + the superblock configuration, which allows local users to cause a + denial of service (NULL pointer dereference and OOPS) by attempting + to mount a crafted ext4 filesystem. +References: +Ubuntu-Description: +Notes: + jmm> ext4 is marked as experimental and the vulnerability fairly + jmm> obscure, I don't think we should spend energy on this. Dann, + jmm> if you don't object I'll mark this as "unimportant" in the + jmm> security tracker +Bugs: +upstream: released (2.6.28.7, 2.6.29-rc1)) +linux-2.6: released (2.6.29-1) +2.6.18-etch-security: N/A +2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port" +2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch] +2.6.15-dapper-security: +2.6.22-gutsy-security: +2.6.24-hardy-security: +2.6.27-intrepid-security: |