Bug#: 78362
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>

Attachments:

| Filename | Description | Type | Creator | Created | Size |
|---|---|---|---|---|---|
| 2.4.28-78362.patch | 2.4 patch | patch | Tim Yamin (RETIRED) | 2005-02-15 13:55 0000 | 10.13 KB |
| 2.6.9-78362.patch | 2.6.9 patch | patch | Tim Yamin (RETIRED) | 2005-02-15 13:56 0000 | 2.37 KB |

Description:   Opened: 2005-01-17 07:00 0000
CAN-2004-1333
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-01-17 07:04:24 0000 -------
See URL for common patches with bug 78363 and bug 74392.

------- Comment #2 From Adam Mondl (RETIRED) 2005-01-21 19:11:14 0000 -------
Fixed in ~x86 hardened-sources-2.4.28-r4

------- Comment #3 From Tim Yamin (RETIRED) 2005-02-15 13:55:52 0000 -------
Created an attachment (id=51304)
2.4 patch

------- Comment #4 From Tim Yamin (RETIRED) 2005-02-15 13:56:23 0000 -------
Created an attachment (id=51305)
2.6.9 patch

------- Comment #5 From Thierry Carrez (RETIRED) 2005-03-16 03:16:49 0000 -------
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #6 From Daniel Drake 2005-03-16 05:57:13 0000 -------
gentoo-dev-sources unaffected

------- Comment #7 From Tim Yamin (RETIRED) 2005-03-29 05:52:06 0000 -------
All fixed, closing bug.

------- Comment #8 From Tim Yamin (RETIRED) 2005-03-29 05:53:53 0000 -------
Hrm, a few of the branched sources still need fixing; reopening.

------- Comment #9 From Tim Yamin (RETIRED) 2005-03-29 06:03:16 0000 -------
Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this
fix; anything >= 2.6.10 already includes it.

------- Comment #10 From Tim Yamin (RETIRED) 2005-04-06 15:13:56 0000 -------
openmosix-sources also needs patching; CCing cluster.

------- Comment #11 From Joshua Kinard 2005-04-23 22:30:24 0000 -------
mips-sources fixed.

------- Comment #12 From Tim Yamin (RETIRED) 2005-08-15 15:36:11 0000 -------
All fixed, closing bug.
