Summary: | net-wireless/ndiswrapper <1.53-r1 Multiple buffer overflows (CVE-2008-4395) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | major | CC: | mobile+disabled, peper, vladimir | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | https://bugs.launchpad.net/ubuntu/+source/linux/+bug/275860 | ||||||||
Whiteboard: | B0? [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Robert Buchholz (RETIRED)
2008-10-02 20:27:08 UTC
Piotr, please prepare an updated ebuild applying the patch and attach it to this bug. We will do prestable testing here. Do not commit anything to CVS. Created attachment 167023 [details, diff]
ndiswrapper-CVE-2008-4395.patch
Created attachment 167029 [details]
ndiswrapper-1.53.ebuild
Arch Security Liaisons, please test the attached ebuild and report it stable on this bug. Target keywords : "x86" CC'ing current Liaisons: x86 : maekke, armin76 looks good on x86 This is now public via: http://www.mail-archive.com/frugalware-git@frugalware.org/msg22366.html Please commit to CVS with the stable keyword gathered in this bug. done Please don't close security bugs right after your part of the work is done, the security team's is not done necessarily. :) Time for GLSA vote. Note that the Ubuntu advisory [1] talks about "arbitrary code [execution] with root privileges", so maybe we need to reclassify this. [1] http://www.ubuntu.com/usn/usn-662-1 CVE does so, too. Filed a request GLSA 200901-01, sorry for delay. |