Bug 142596 - app-crypt/cfs - integer overflow (CVE-2006-3123)
Bug#: 142596 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL: 
Summary: app-crypt/cfs - integer overflow (CVE-2006-3123)
Keywords:  
Status Whiteboard: ~3 [tomask?] jaervosz
Opened: 2006-08-02 18:24 0000
Description:   Opened: 2006-08-02 18:24 0000 
from DSA 1138-1:

Carlo Contavalli discovered an integer overflow in CFS, a cryptographic
filesystem, which allows local users to crash the encryption daemon.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-15sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.1-17.

------- Comment #1 From Thierry Carrez (RETIRED) 2006-08-12 08:00:11 0000 ------- 
mkennedy, please bump to latest version.

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-09-05 06:25:58 0000 ------- 
mkennedy, please bump to latest version.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-09-13 23:29:10 0000 ------- 
-dev mailed for assistance.

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-09-19 00:28:32 0000 ------- 
taviso/vapier could you try a bump?

------- Comment #5 From Sune Kloppenborg Jeppesen 2006-09-26 09:34:16 0000 ------- 
No response in 6 weeks, I suggest a mask. Security any comments?

------- Comment #6 From Thierry Carrez (RETIRED) 2006-09-27 12:55:54 0000 ------- 
I wouldn't mask it, sounds more like a bug than a vulnerability anyway...

------- Comment #7 From Matthew Kennedy (RETIRED) 2006-09-27 20:39:06 0000 ------- 
i updated it

------- Comment #8 From Matthias Geerdsen 2006-09-29 04:23:46 0000 ------- 
thanks... closing since it is not stable on any arch