From 5662f0b2a69d60db40460e71293e7d6a5f1851b1 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 20 Oct 2009 21:46:22 +0000 Subject: retire more issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1530 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2009-0748 | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 retired/CVE-2009-0748 (limited to 'retired/CVE-2009-0748') diff --git a/retired/CVE-2009-0748 b/retired/CVE-2009-0748 new file mode 100644 index 00000000..dbd0be4f --- /dev/null +++ b/retired/CVE-2009-0748 @@ -0,0 +1,24 @@ +Candidate: CVE-2009-0748 +Description: + The ext4_fill_super function in fs/ext4/super.c in the Linux kernel + 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate + the superblock configuration, which allows local users to cause a + denial of service (NULL pointer dereference and OOPS) by attempting + to mount a crafted ext4 filesystem. +References: +Ubuntu-Description: +Notes: + jmm> ext4 is marked as experimental and the vulnerability fairly + jmm> obscure, I don't think we should spend energy on this. Dann, + jmm> if you don't object I'll mark this as "unimportant" in the + jmm> security tracker +Bugs: +upstream: released (2.6.28.7, 2.6.29-rc1)) +linux-2.6: released (2.6.29-1) +2.6.18-etch-security: N/A +2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port" +2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch] +2.6.15-dapper-security: +2.6.22-gutsy-security: +2.6.24-hardy-security: +2.6.27-intrepid-security: -- cgit v1.2.3