
Bug#300783: marked as done (kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in ISO9660 filesystem handler)



Your message dated Thu, 6 Oct 2005 13:38:11 +0900
with message-id <20051006043811.GB19067@verge.net.au>
and subject line #300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in ISO9660 filesystem handler
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Mar 2005 20:53:55 +0000
>From jmm@inutil.org Mon Mar 21 12:53:55 2005
Return-path: <jmm@inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DDTuN-0001al-00; Mon, 21 Mar 2005 12:53:55 -0800
Received: from p54894440.dip.t-dialin.net ([84.137.68.64] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.44)
	id 1DDTuK-0005v4-Tv
	for submit@bugs.debian.org; Mon, 21 Mar 2005 21:53:53 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.50)
	id 1DDTuK-0001nz-3D
	for submit@bugs.debian.org; Mon, 21 Mar 2005 21:53:52 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in
 ISO9660 filesystem handler
X-Mailer: reportbug 3.8
Date: Mon, 21 Mar 2005 21:53:51 +0100
X-Debbugs-Cc: security@debian.org
Message-Id: <E1DDTuK-0001nz-3D@localhost.localdomain>
X-SA-Exim-Connect-IP: 84.137.68.64
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: important
Tags: security

Quoting an advisory by ISS:
Linux Kernel versions prior to 2.6.12-rc1 are vulnerable to unspecified
vulnerabilities in the ISO9660 filesystem handler, including the Rock Ridge
and Joliet extensions. A remote attacker could send a specially-crafted
filesystem to cause a denial of service or execute arbitrary code on the
system.

It's been fixed as of 2.6.12-rc1, according to
http://www.securityfocus.com/bid/12837 kernel 2.4 is affected as well.

There's a test program at http://www.securityfocus.com/archive/1/393590.

Cheers,
        Moritz 

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

---------------------------------------
Received: (at 300783-done) by bugs.debian.org; 6 Oct 2005 05:11:26 +0000
>From horms@koto.vergenet.net Wed Oct 05 22:11:26 2005
Return-path: <horms@koto.vergenet.net>
Received: from koto.vergenet.net [210.128.90.7] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1ENO2Q-0004Cd-00; Wed, 05 Oct 2005 22:11:26 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
	id 9976334003; Thu,  6 Oct 2005 14:10:54 +0900 (JST)
Date: Thu, 6 Oct 2005 13:38:11 +0900
From: Horms <horms@debian.org>
To: 300783-done@bugs.debian.org
Subject: #300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in ISO9660 filesystem handler
Message-ID: <20051006043811.GB19067@verge.net.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Cluestick: seven
User-Agent: Mutt/1.5.11
Delivered-To: 300783-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

#300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in ISO9660 filesystem handler

Fixed in 2.6.8-16

-- 
Horms


