The squashfs module of the Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause the kernel to double free a buffer when a read operation is performed on the corrupted filesystem. This affects all kernels that include genpatches-extras
Created attachment 104637 [details, diff] patch Committed upstream but not yet released
Fixed versions: gentoo-sources-2.6.18-r6 genpatches-2.6.18-8 gentoo-sources-2.6.19-r3 genpatches-2.6.19-4
Way out of version range. Closing.
Reopen bug to apply a valid whiteboard.