blob: 9b1ba7b22ce80d13d7262a8a34b01b3a1be72b18 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
Candidate: CVE-2006-5701
References:
http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
http://sourceforge.net/mailarchive/forum.php?thread_id=31007759&forum_id=39601
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237
Description:
Double free vulnerability in squashfs module in the Linux kernel
2.6.x, as used in Fedora Core 5 and possibly other distributions,
allows local users to cause a denial of service by mounting a crafted
squashfs filesystem.
Ubuntu-Description:
Certain corrupted squashfs file system images caused a memory
allocation to be freed twice. By mounting a specially crafted
squashfs file system, a local attacker could exploit this to crash
the kernel.
Notes:
Ubuntu kernels have squashfs patch; not sure about Debian's.
dannf> Debian's do not, but we do have a kernel-patch-squashfs package
dannf> Marking upstream N/A, because this isn't an upstream feature
dannf> Affects squashfs (1:3.1r2-6) which is currently in etch. I've
Verified that the patch in RH bugzilla applies and fixes the bug.
dannf> kernel-patch-squashfs applied to a 2.4 kernel does not exhibit
this problem. I tested by hexediting the reproducer fs to advertise
v2 since v3 is not supported in sarge, which may have just masked
the problem.
dannf> Released in squashfs (1:3.1r2-6.1) which is in etch
Bugs:
upstream: N/A
linux-2.6: N/A
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.12-breezy-security: N/A
2.6.15-dapper-security: released (2.6.15-27.49)
2.6.17-edgy-security: released (2.6.17.1-10.34)
|