Gentoo Bug 158783 - Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	158783
Alias:
Product:
Component:
Status:	NEW
Resolution:
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Daniel Drake <dsd@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
1910_cramfs-block-corruption.patch	patch	patch	Daniel Drake	2006-12-23 08:33 0000	1.67 KB	Details \| Diff
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 158783 depends on:			Show dependency tree
Bug 158783 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as NEW
Accept bug (change status to ASSIGNED)
Resolve bug, changing resolution to
Resolve bug, mark it as duplicate of bug #
Reassign bug to
Reassign bug to default assignee of selected component

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-12-21 18:48 0000

Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on
zlib compression, such as cramfs. A failure to handle crafted data, result of a
read operation in a corrupted filesystem stream, may lead to memory corruption
and potential arbitrary code execution.

------- Comment #1 From Daniel Drake 2006-12-23 08:33:41 0000 -------

Created an attachment (id=104639) [details]
patch

------- Comment #2 From Daniel Drake 2007-01-01 20:14:25 0000 -------

*** Bug 154432 has been marked as a duplicate of this bug. ***

------- Comment #3 From Daniel Drake 2007-01-05 06:31:57 0000 -------

Fixed versions:
gentoo-sources-2.6.18-r6
genpatches-2.6.18-8
gentoo-sources-2.6.19-r3
genpatches-2.6.19-4

------- Comment #4 From unnamedrambler@gmail.com 2008-03-07 01:08:36 0000 -------

Proposed metadata:
[linux < 2.6.19.2] via
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.2
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
the following may be redundant:
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-4]

------- Comment #5 From unnamedrambler@gmail.com 2008-03-07 01:12:44 0000 -------

Woo.. this was the first go so please excuse my mistake:
[gentoo > 2.6.18-r6 < 2.6.19-4] should read
[gentoo > 2.6.18-r6 < 2.6.19-r3]

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 158783

Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)

Last modified: 2009-01-13 23:40:28 0000