Package: kernel-image-2.6.8-3-686-smp Version: 2.6.8-16sarge4 Severity: important Tags: security http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0457 Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. It's fixed at http://www.ubuntu.com/usn/usn-263-1 , so possibly a patch could be gotten from them. Thanks, -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-686-smp Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1) Versions of packages kernel-image-2.6.8-3-686-smp depends on: ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii fileutils 5.2.1-2 The GNU file management utilities ii initrd-tools 0.1.81.1 tools to create initrd image for p ii module-init-tools 3.2-pre1-2 tools for managing Linux kernel mo -- no debconf information -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature