Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 142596 - app-crypt/cfs - integer overflow (CVE-2006-3123)
Summary: app-crypt/cfs - integer overflow (CVE-2006-3123)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [tomask?] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-02 18:24 UTC by Carsten Lohrke (RETIRED)
Modified: 2006-09-29 04:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2006-08-02 18:24:47 UTC 
from DSA 1138-1:

Carlo Contavalli discovered an integer overflow in CFS, a cryptographic
filesystem, which allows local users to crash the encryption daemon.

For the stable distribution (sarge) this problem has been fixed in
version 1.4.1-15sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.4.1-17.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:00:11 UTC 
mkennedy, please bump to latest version.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-09-05 06:25:58 UTC 
mkennedy, please bump to latest version.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-09-13 23:29:10 UTC 
-dev mailed for assistance.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-09-19 00:28:32 UTC 
taviso/vapier could you try a bump?
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-09-26 09:34:16 UTC 
No response in 6 weeks, I suggest a mask. Security any comments?
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-09-27 12:55:54 UTC 
I wouldn't mask it, sounds more like a bug than a vulnerability anyway...
Comment 7 Matthew Kennedy (RETIRED) gentoo-dev 2006-09-27 20:39:06 UTC 
i updated it
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2006-09-29 04:23:46 UTC 
thanks... closing since it is not stable on any arch