Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 158785

Summary: Linux 2.6.x ext2_check_page denial of service (CVE-2006-6054)
Product: Gentoo Security Reporter: Daniel Drake (RETIRED) <dsd>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: unnamedrambler
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://projects.info-pull.com/mokb/MOKB-12-11-2006.html
Whiteboard: [linux < 2.6.16.38][gp < 2.6.18-8][gp >= 2.6.19-1 < 2.6.19-4][gentoo < 2.6.18-r6][gentoo >= 2.6.19 < 2.6.19-r3]
Package list:
Runtime testing required: ---

Description Daniel Drake (RETIRED) gentoo-dev 2006-12-21 18:50:39 UTC 
Linux 2.6.x ext2 filesystem code fails to properly handle corrupted data structures, leading to an exploitable denial of service issue when read operation is being done on a crafted fs stream.
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2006-12-22 11:53:37 UTC 
Patch here:
http://lkml.org/lkml/2006/12/21/208

Not yet upstream, but it was only sent yesterday.
Comment 2 Daniel Drake (RETIRED) gentoo-dev 2007-01-05 06:32:48 UTC 
Fixed versions:
gentoo-sources-2.6.18-r6
genpatches-2.6.18-8
gentoo-sources-2.6.19-r3
genpatches-2.6.19-4
Comment 3 unnamedrambler 2008-03-07 01:37:03 UTC 
Proposed metadata:
[linux < 2.6.16.38] via http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.38
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-r3]