[kernel-sec-discuss] r757 - active
Martin Pitt
mpitt at alioth.debian.org
Fri Apr 27 10:39:30 UTC 2007
Author: mpitt
Date: 2007-04-27 10:39:30 +0000 (Fri, 27 Apr 2007)
New Revision: 757
Modified:
active/CVE-2007-0005
Log:
CVE-2007-0005: ubuntu status, git url
Modified: active/CVE-2007-0005
===================================================================
--- active/CVE-2007-0005 2007-04-27 10:27:58 UTC (rev 756)
+++ active/CVE-2007-0005 2007-04-27 10:39:30 UTC (rev 757)
@@ -1,8 +1,12 @@
Candidate: CVE-2007-0005
References:
+ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=059819a41d4331316dd8ddcf977a24ab338f4300
Description:
Buffer Overflow in Omnikey CardMan 4040 cmx driver
Ubuntu-Description:
+ The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
+ buffers passed to read() and write(). A local attacker could exploit
+ this to execute arbitrary code with kernel privileges.
Notes:
dannf> Driver wasn't in sarge
Bugs:
@@ -11,6 +15,6 @@
2.6.18-etch-security: pending (2.6.18.dfsg.1-12etch1) [bugfix/cm4040-buffer-overflow.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
+2.6.20-feisty-security: needed
More information about the kernel-sec-discuss
mailing list