| Summary: | Kernel: UDF filesystem has some bugs on truncating (CVE-2006-4145) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gimli, kang |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=7127be29378b1230eb8dd8b84f18d6b69c56e959 | ||
| Whiteboard: | [linux <2.6.16.28] [linux >=2.6.17 <2.6.17.10] | ||
| Package list: | | Runtime testing required: | --- |

public now CVE-2006-4145, thanks gustavoz

Maintainers, please bump.
rsbac-sources-2.6: kang
sh-sources-2.6: sh herd
suspend2-sources-2.6: phreak
usermode-sources-2.6: dang
xbox-sources-2.6: gimli, chrb
xen-sources-2.6: xen herd

suspend2-sources bumped as of 13:16 UTC.

usermode-sources-2.6.16-r5 added.

xen-sources bumped to 2.6.16.28

RSBAC, Xbox, SH, please bump or patch.

rsbac-sources bumped to 2.6.18 in ~

Xbox and SH are not covered by Security. Closing.

Found by Alan Cox from Red Hat. Not sure whether this is public.

> > Hi all,
> > I found that UDF has bugs on truncating.
> > When you do this:
> > dd if=/dev/zero of=aaa bs=1024k count=2 seek=3000
> > , Linux will hang and die.
> > The platform is Linux 2.6.16 on MIPS malta board.
>
> Ok I eventually sort of reproduced this on x86-64. It took a while
> because in my environment I see a crash 2 or 3 hours after the test is
> run, and that crash is on hardware that doesn't otherwise crash and
> seems to be repeatable.