blob: 538388cf6d4cffe13292d4bb1fe07a0cb91f229f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Candidate: CVE-2006-5754
References:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220971
Description:
The aio_setup_ring function in Linux kernel does not properly initialize a
variable, which allows local users to cause a denial of service (crash) via
an unspecified error path that causes an incorrect free operation.
Ubuntu-Description:
Notes:
jmm> 3e45a10919b3bc290147d81a4eb0117f019ba16a
dannf> From the description, I'm assuming this is the fix:
http://linux.bkbits.net:8080/linux-2.6/?PAGE=cset&REV=418e67e3jfC3msWLXzcdTkI10dwtEg
'aio: remove incorrect initialization of "nr_pages"'
Bugs:
upstream: released (2.6.10-rc2)
linux-2.6: released (2.6.10-1)
2.6.18-etch-security: N/A
2.6.8-sarge-security: released (2.6.8-16sarge7) [aio-fix-nr_pages-init.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
|