Not sure whether this is fixed in all 2.6.18 sources:

------- Additional Comment #8 From David Howells 2007-02-06 03:12 -------
Okay... Found it: the key serial number collision avoidance code is wrong. This didn't use to be a problem as the key serial numbers were allocated from a simple incremented counter, and you'd have to go through 2 billion keys before encountering a collision. However, now that random numbers are used instead, collisions are much more likely.
CVE-2007-0006
proposed metadata:
[linux < 2.6.16.42] a0cd22f8e3a0cd4f6d8b08103629cbbc29a0c9fb
[linux >= 2.6.17 < 2.6.19.5] 76d21f587d66f8508f6448c7253e46ff1881bec9
[linux >= 2.6.20 < 2.6.20.2] dbd60d51abaf4c31f4c4b5e521745af301535447
also patched in linux 2.6.21 9ad0830f307bcd8dc285cfae58998d43b21727f4
[gp < 2.6.19-8]
[gp >= 2.6.20-1 < 2.6.20-3]