author | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:04:40 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-04-30 17:04:40 +0000 |
commit | 8290df912ecbf23e19610e57952fc68c45d59103 | |
tree | 460afa9d494ee7898cf23cf2457b5e18d8dee802 /retired | |
parent | 9af4eb6f3374a8fc487127afceaf1d73793ae3a1 | |
retire two more issues
record upstream fix
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@773 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2006-5619 | 23 |
-rw-r--r-- | retired/CVE-2006-5701 | 35 |
2 files changed, 58 insertions, 0 deletions
diff --git a/retired/CVE-2006-5619 b/retired/CVE-2006-5619 new file mode 100644 index 00000000..2a7a48cf --- /dev/null +++ b/retired/CVE-2006-5619 @@ -0,0 +1,23 @@ +Candidate: CVE-2006-5619 +References: + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bcd620757d3a4ae78ef0ca41adb5d9e400ed92b6 +Description: + The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in + Linux kernel 2.6.16, 2.6.17, and 2.6.18-stable allows local users to + cause a denial of service (hang or oops) via unspecified manipulations + that trigger an infinite loop while searching for flowlabels. +Ubuntu-Description: + James Morris discovered that the ip6fl_get_n() function incorrectly + handled flow labels. A local attacker could exploit this to crash the + kernel. +Notes: + dannf> This code does not appear to be present in 2.4 +Bugs: +upstream: released (2.6.18.2) +linux-2.6: released (2.6.18-4) +2.6.8-sarge-security: released (2.6.8-16sarge6) [ip6_flowlabel-lockup.dpatch] +2.4.27-sarge-security: N/A +2.6.12-breezy-security: released (2.6.12-10.41) +2.6.15-dapper-security: released (2.6.15-27.49) +2.6.17-edgy-security: released (2.6.17.1-10.34) +2.6.19-feisty: released diff --git a/retired/CVE-2006-5701 b/retired/CVE-2006-5701 new file mode 100644 index 00000000..9b1ba7b2 --- /dev/null +++ b/retired/CVE-2006-5701 
@@ -0,0 +1,35 @@ +Candidate: CVE-2006-5701 +References: + http://projects.info-pull.com/mokb/MOKB-02-11-2006.html + http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237 +Description: + Double free vulnerability in squashfs module in the Linux kernel + 2.6.x, as used in Fedora Core 5 and possibly other distributions, + allows local users to cause a denial of service by mounting a crafted + squashfs filesystem. +Ubuntu-Description: + Certain corrupted squashfs file system images caused a memory + allocation to be freed twice. By mounting a specially crafted + squashfs file system, a local attacker could exploit this to crash + the kernel. +Notes: + Ubuntu kernels have squashfs patch; not sure about Debian's. + dannf> Debian's do not, but we do have a kernel-patch-squashfs package + dannf> Marking upstream N/A, because this isn't an upstream feature + dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've + Verified that the patch in RH bugzilla applies and fixes the bug. + dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit + this problem. I tested by hexediting the reproducer fs to advertise + v2 since v3 is not supported in sarge, which may have just masked + the problem. + dannf> Released in squashfs (1:3.1r2-6.1) which is in etch +Bugs: +upstream: N/A +linux-2.6: N/A +2.6.18-etch-security: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.12-breezy-security: N/A +2.6.15-dapper-security: released (2.6.15-27.49) +2.6.17-edgy-security: released (2.6.17.1-10.34) |
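Review bot: In retired/CVE-2006-5619, the final status line `2.6.19-feisty: released` gives no package version, while every other released line in the file names one in parentheses (for example `released (2.6.17.1-10.34)`); add the fixing version so the entry can be checked against an installed kernel. The file also has no `2.6.18-etch-security` line, although retired/CVE-2006-5701 in the same commit carries one; with `linux-2.6: released (2.6.18-4)` recorded, state the etch status explicitly instead of leaving it to be inferred. The Description lists 2.6.16, 2.6.17 and 2.6.18-stable as affected, yet `2.6.8-sarge-security` and `2.6.12-breezy-security` are marked released with fixes, so a short Notes line saying the older trees were found to contain the same code would explain that gap.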
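Review bot: In retired/CVE-2006-5701, `2.4.27-sarge-security: N/A` rests on a test that the Notes themselves qualify: the reproducer was hexedited to advertise v2, "which may have just masked the problem". Either record that the 2.4 status is unconfirmed or note what further check settled it before retiring the issue. The actual Debian fix, `squashfs (1:3.1r2-6.1)`, appears only in free text while `linux-2.6` and `2.6.18-etch-security` read N/A; a status line for the out-of-tree squashfs package would make the fix findable without reading the Notes. `2.6.8-sarge-security: N/A` has no supporting note (only the 2.4 test is described), and there is no `2.6.19-feisty` line here although the other file in this commit has one.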