Bug#323173: CAN-2005-245[89]: Two vulnerabilities in the kernel's zlib
On Mon, Aug 15, 2005 at 07:53:03PM +0900, Horms wrote:
> On Mon, Aug 15, 2005 at 10:24:51AM +0200, Moritz Muehlenhoff wrote:
> > Package: linux-2.6
> > Severity: important
> > Tags: security patch
> >
> > There are another two vulnerabilities fixed in 2.6.12.5, that might require
> > backporting to 2.6.8 and 2.4.27. Please see
> > http://kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=885605316d76c3fdce23dffe9c59e20539287c6b
> > for descriptions, links and patches.
>
> I have added this to linux-2.6 (except the bit that updates the kernel version).
>
> For the record:
>
> sys_set_mempolicy-mode-check.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem
> x86_64-srat-dual-core-amd.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem
> x86_64-fix-smpboot-timing-problem.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem
> linux-zlib-fixes.patch (CAN-2005-2458, CAN-2005-2459)
> 2.6.8: Added as linux-zlib-fixes.dpatch
2.4.27: Added as 182_linux-zlib-fixes.diff
> zisofs.patch
> 2.6.8: Added as zisofs.dpatch
Added as 183_zisofs.diff
This smells like something that averts an overrun to me
> key-session-join.patch: CAN-2005-2098
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem
> failed-keyring-oops.patch: CAN-2005-2099
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem
> module-per-cpu-alignment-fix.patch
> 2.6.8: added as module-per-cpu-alignment-fix.dpatch
2.4.27: Does not appear to have this problem
> I will try to get to 2.4.27 tomorrow.
Done :)
--
Horms
Reply to: