Bug#321401: CAN-2005-2456: Array index overflow in xfrm code
Package: linux-2.6 Severity: important Tags: security patch An overflow in sock->sk_policy could possibly be exploited as DoS or potential execution of arbitrary code. Please see http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html for details. A fix has been comitted into the git repo, please see http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 This has been assigned CAN-2005-2456. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#321401: CAN-2005-2456: Array index overflow in xfrm code
On Fri, Aug 05, 2005 at 11:27:26AM +0200, Moritz Muehlenhoff wrote: > Package: linux-2.6 > Severity: important > Tags: security patch > > An overflow in sock->sk_policy could possibly be exploited as DoS or > potential execution of arbitrary code. Please see > http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html > for details. A fix has been comitted into the git repo, please see > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 > > This has been assigned CAN-2005-2456. Thanks, for Sarge 2.6.8 appears to be vulnerable, and 2.4.27 does not. I have applied the patch into SVN for 2.6.8. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#321401: CAN-2005-2456: Array index overflow in xfrm code
On Fri, Aug 05, 2005 at 06:58:12PM +0900, Horms wrote: > On Fri, Aug 05, 2005 at 11:27:26AM +0200, Moritz Muehlenhoff wrote: > > Package: linux-2.6 > > Severity: important > > Tags: security patch > > > > An overflow in sock->sk_policy could possibly be exploited as DoS or > > potential execution of arbitrary code. Please see > > http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html > > for details. A fix has been comitted into the git repo, please see > > http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a4f1bac62564049ea4718c4624b0fadc9f597c84 > > > > This has been assigned CAN-2005-2456. > > Thanks, for Sarge 2.6.8 appears to be vulnerable, > and 2.4.27 does not. I have applied the patch into > SVN for 2.6.8. Correction, 2.4.27 does seem vulnerable, I am fixing it now. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
