On Tue, Mar 01, 2005 at 12:38:49PM +0900, Horms wrote: > On Fri, Feb 25, 2005 at 03:05:58PM +0100, Stefan Fritsch wrote: > > Package: kernel-source-2.6.8 > > Version: 2.6.8-13 > > Severity: critical > > Tags: security > > Justification: root security hole > > > > Cite: > > "The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for > > Linux kernel > > 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, > > may allow local > > users to trigger a buffer overflow as a result of casting discrepancies > > between size_t and > > int data types." > > > > The offending code is also in 2.6.8. A fix is at > > http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED] > > > > The original advisory is at > > http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 > > > > > > Please fix 2.6.9 and 2.6.10 as well. I have also looked at 2.4.27 but > > couldn't find any > > similar code. > > Thanks, that seems good to me. I will work on getting it into 2.4.8 and > 2.6.10, and also double-check 2.4.27. 2.6.9 is no longer maintained.
Ditto for your other CAN reports. However, I am on the road at the moment and if I don't get to this today, it won't happen until next week. So if another kernel-team person wants to jump in, please do. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
