Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 158783 (CVE-2006-5823) - Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)
Summary: Linux 2.6.x zlib_inflate memory corruption (CVE-2006-5823)
Alias: CVE-2006-5823
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: [linux <][gp < 2.6.18-8][gp ...
: 154432 (view as bug list)
Depends on:
Reported: 2006-12-21 18:48 UTC by Daniel Drake (RETIRED)
Modified: 2013-09-05 02:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

patch (1910_cramfs-block-corruption.patch,1.67 KB, patch)
2006-12-23 08:33 UTC, Daniel Drake (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Drake (RETIRED) gentoo-dev 2006-12-21 18:48:15 UTC
Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption and potential arbitrary code execution.
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2006-12-23 08:33:41 UTC
Created attachment 104639 [details, diff]
Comment 2 Daniel Drake (RETIRED) gentoo-dev 2007-01-01 20:14:25 UTC
*** Bug 154432 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2007-01-05 06:31:57 UTC
Fixed versions:
Comment 4 unnamedrambler 2008-03-07 01:08:36 UTC
Proposed metadata:
[linux <] via
[gp < 2.6.18-8]
[gp > 2.6.18-8 < 2.6.19-4]
the following may be redundant:
[gentoo < 2.6.18-r6]
[gentoo > 2.6.18-r6 < 2.6.19-4]
Comment 5 unnamedrambler 2008-03-07 01:12:44 UTC
Woo.. this was the first go so please excuse my mistake:
[gentoo > 2.6.18-r6 < 2.6.19-4] should read
[gentoo > 2.6.18-r6 < 2.6.19-r3]