Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 158783 (CVE-2006-5823)

Summary: Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)
Product: Gentoo Security Reporter: Daniel Drake (RETIRED) <dsd>
Component: KernelAssignee: Gentoo Security <security>
Severity: normal CC: gentoomail, unnamedrambler
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux <][gp < 2.6.18-8][gp >= 2.6.19-1 < 2.6.19-4][gentoo >= 2.6.19 < 2.6.19-r3]
Package list:
Runtime testing required: ---
Description Flags
patch none

Description Daniel Drake (RETIRED) gentoo-dev 2006-12-21 18:48:15 UTC
Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption and potential arbitrary code execution.
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2006-12-23 08:33:41 UTC
Created attachment 104639 [details, diff]
Comment 2 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:14:25 UTC
*** Bug 154432 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2007-01-05 06:31:57 UTC
Fixed versions:
Comment 4 unnamedrambler 2008-03-07 01:08:36 UTC
Proposed metadata:
[linux <] via
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
the following may be redundant:
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-4]
Comment 5 unnamedrambler 2008-03-07 01:12:44 UTC
Woo.. this was the first go so please excuse my mistake:
[gentoo > 2.6.18-r6 < 2.6.19-4] should read
[gentoo > 2.6.18-r6 < 2.6.19-r3]