Linux 2.6.x zlib_inflate function can be abused by filesystems that depend on zlib compression, such as cramfs. A failure to handle crafted data, result of a read operation in a corrupted filesystem stream, may lead to memory corruption and potential arbitrary code execution.
Created attachment 104639 [details, diff] patch
*** Bug 154432 has been marked as a duplicate of this bug. ***
Fixed versions: gentoo-sources-2.6.18-r6 genpatches-2.6.18-8 gentoo-sources-2.6.19-r3 genpatches-2.6.19-4
Proposed metadata: [linux < 2.6.19.2] via http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.2 [gp < 2.6.18-8] [gp > 2.6.18-8 < 2.6.19-4] the following may be redundant: [gentoo < 2.6.18-r6] [gentoo > 2.6.18-r6 < 2.6.19-4]
Woo.. this was the first go so please excuse my mistake: [gentoo > 2.6.18-r6 < 2.6.19-4] should read [gentoo > 2.6.18-r6 < 2.6.19-r3]