Gentoo Bug 142596 - app-crypt/cfs - integer overflow (CVE-2006-3123)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	142596
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 142596 depends on:			Show dependency tree Show dependency graph
Bug 142596 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-08-02 18:24 0000

from DSA 1138-1:

Carlo Contavalli discovered an integer overflow in CFS, a cryptographic
filesystem, which allows local users to crash the encryption daemon.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-15sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.1-17.

------- Comment #1 From Thierry Carrez (RETIRED) 2006-08-12 08:00:11 0000 -------

mkennedy, please bump to latest version.

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-09-05 06:25:58 0000 -------

mkennedy, please bump to latest version.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-09-13 23:29:10 0000 -------

-dev mailed for assistance.

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-09-19 00:28:32 0000 -------

taviso/vapier could you try a bump?

------- Comment #5 From Sune Kloppenborg Jeppesen 2006-09-26 09:34:16 0000 -------

No response in 6 weeks, I suggest a mask. Security any comments?

------- Comment #6 From Thierry Carrez (RETIRED) 2006-09-27 12:55:54 0000 -------

I wouldn't mask it, sounds more like a bug than a vulnerability anyway...

------- Comment #7 From Matthew Kennedy (RETIRED) 2006-09-27 20:39:06 0000 -------

i updated it

------- Comment #8 From Matthias Geerdsen 2006-09-29 04:23:46 0000 -------

thanks... closing since it is not stable on any arch

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 142596

app-crypt/cfs - integer overflow (CVE-2006-3123)

Last modified: 2006-09-29 04:23:46 0000