[kernel-sec-discuss] r1423 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Fri Jul 17 06:58:47 UTC 2009
Author: gilbert-guest
Date: 2009-07-17 06:58:46 +0000 (Fri, 17 Jul 2009)
New Revision: 1423
Added:
active/spengler-0day
Log:
new issue
Copied: active/spengler-0day (from rev 1412, active/00boilerplate)
===================================================================
--- active/spengler-0day (rev 0)
+++ active/spengler-0day 2009-07-17 06:58:46 UTC (rev 1423)
@@ -0,0 +1,19 @@
+Candidate:
+Description:
+ Exploitable null pointer dereference bypass
+References:
+ http://seclists.org/fulldisclosure/2009/Jul/0241.html
+ http://grsecurity.net/~spender/cheddar_bay.tgz
+Ubuntu-Description:
+Notes:
+ According to description, vulnerability introduced in commit 33dccbb050bbe35b88ca8cf1228dcf3e4d4b3554, so apparently only 2.6.30 affected? Notes also say commit backported to RHEL5's 2.6.18, and this it is affected; doubt debian kernels would have gotten the same, but it should be checked.
+Bugs:
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
Property changes on: active/spengler-0day
___________________________________________________________________
Added: svn:mergeinfo
+
More information about the kernel-sec-discuss
mailing list