Candidate: CVE-2009-1046
Description:
The console selection feature in the Linux kernel 2.6.28 before
2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8
console is used, allows physically proximate attackers to cause
a denial of service (memory corruption) by selecting a small
number of 3-byte UTF-8 characters, which triggers "an
off-by-two memory error." NOTE: it is not clear whether this issue
crosses privilege boundaries.
References:
http://lists.openwall.net/linux-kernel/2009/01/30/333
http://lists.openwall.net/linux-kernel/2009/02/02/364
http://www.openwall.com/lists/oss-security/2009/02/12/10
http://www.openwall.com/lists/oss-security/2009/02/12/11
http://www.openwall.com/lists/oss-security/2009/02/12/9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.28.4, 2.5.29-rc4)
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A "Appears to have been introduced by 759448f in 2.6.23-rc1"
2.6.24-etch-security: released (2.6.24-6~etchnhalf.8etch1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
2.6.26-lenny-security: released (2.6.26-15lenny1) [bugfix/all/fix-off-by-2-error-in-console-selection.patch]
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: