Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 158783 (CVE-2006-5823) - Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)
Summary: Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)
Status: RESOLVED FIXED
Alias: CVE-2006-5823
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://projects.info-pull.com/mokb/MO...
Whiteboard: [linux < 2.6.19.2][gp < 2.6.18-8][gp ...
Keywords:
: 154432 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-12-21 18:48 UTC by Daniel Drake (RETIRED)
Modified: 2013-09-05 02:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
patch (1910_cramfs-block-corruption.patch,1.67 KB, patch)
2006-12-23 08:33 UTC, Daniel Drake (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Drake (RETIRED) gentoo-dev 2006-12-21 18:48:15 UTC 
Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption and potential arbitrary code execution.
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2006-12-23 08:33:41 UTC 
Created attachment 104639 [details, diff]
patch
Comment 2 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:14:25 UTC 
*** Bug 154432 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2007-01-05 06:31:57 UTC 
Fixed versions:
gentoo-sources-2.6.18-r6
genpatches-2.6.18-8
gentoo-sources-2.6.19-r3
genpatches-2.6.19-4
Comment 4 unnamedrambler 2008-03-07 01:08:36 UTC 
Proposed metadata:
[linux < 2.6.19.2] via http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.2
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
the following may be redundant:
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-4]
Comment 5 unnamedrambler 2008-03-07 01:12:44 UTC 
Woo.. this was the first go so please excuse my mistake:
[gentoo > 2.6.18-r6 < 2.6.19-4] should read
[gentoo > 2.6.18-r6 < 2.6.19-r3]