Gentoo Bug 142596 - app-crypt/cfs - integer overflow (CVE-2006-3123)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	142596
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 142596 depends on:			Show dependency tree
Bug 142596 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-08-02 18:24 0000

from DSA 1138-1:

Carlo Contavalli discovered an integer overflow in CFS, a cryptographic
filesystem, which allows local users to crash the encryption daemon.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-15sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.1-17.

------- Comment #1 From Thierry Carrez (RETIRED) 2006-08-12 08:00:11 0000 -------

mkennedy, please bump to latest version.

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-09-05 06:25:58 0000 -------

mkennedy, please bump to latest version.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-09-13 23:29:10 0000 -------

-dev mailed for assistance.

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-09-19 00:28:32 0000 -------

taviso/vapier could you try a bump?

------- Comment #5 From Sune Kloppenborg Jeppesen 2006-09-26 09:34:16 0000 -------

No response in 6 weeks, I suggest a mask. Security any comments?

------- Comment #6 From Thierry Carrez (RETIRED) 2006-09-27 12:55:54 0000 -------

I wouldn't mask it, sounds more like a bug than a vulnerability anyway...

------- Comment #7 From Matthew Kennedy (RETIRED) 2006-09-27 20:39:06 0000 -------

i updated it

------- Comment #8 From Matthias Geerdsen 2006-09-29 04:23:46 0000 -------

thanks... closing since it is not stable on any arch

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 142596

app-crypt/cfs - integer overflow (CVE-2006-3123)

Last modified: 2006-09-29 04:23:46 0000