From 2eab358b38e4c2c250b5f885310be4498fa063cc Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 7 May 2007 17:32:50 +0000 Subject: retire CVE-2007-0006 git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@815 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2007-0006 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 retired/CVE-2007-0006 (limited to 'retired/CVE-2007-0006') diff --git a/retired/CVE-2007-0006 b/retired/CVE-2007-0006 new file mode 100644 index 00000000..4627b79b --- /dev/null +++ b/retired/CVE-2007-0006 @@ -0,0 +1,19 @@ +Candidate: CVE-2007-0006 +References: + http://bugzilla.kernel.org/show_bug.cgi?id=7727 + http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ad0830f307bcd8dc285cfae58998d43b21727f4 +Description: + The key serial number collision avoidance code in the key_alloc_serial + function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a + denial of service (crash) via vectors that trigger a null dereference, as + originally reported as "spinlock CPU recursion." +Ubuntu-Description: +Notes: +Bugs: 398470 +upstream: released (2.6.21, 2.6.20.2) +linux-2.6: released (2.6.20-1) +2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/keys-serial-num-collision.patch] +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.15-dapper-security: released (2.6.15-28.53) +2.6.17-edgy-security: released (2.6.17.1-11.37) -- cgit v1.2.3