[linux-source] multiple DoS vulnerabilities

Bug #164011 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
linux-meta (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: linux-source

References:
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6058
[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997

Quoting [1]:
"The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error."

Quoting [2]:
"Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error.""
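
The integer underflow quoted from [2], as an added example that is not part of the original report and is not the kernel's code: a simplified model of a length check that is two bytes short for QoS frames, next to a corrected check. The header sizes and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for this illustration, not the kernel's definitions. */
#define HDR_LEN_BASE 24u /* assumed three-address 802.11 data header */
#define QOS_CTRL_LEN 2u  /* QoS control field makes the header two bytes longer */

/* Header length of a data frame; QoS data frames carry two extra bytes. */
static size_t hdr_len(int qos) {
    return HDR_LEN_BASE + (qos ? QOS_CTRL_LEN : 0u);
}

/* Flawed: validates against the base header only, then subtracts the full
 * header. A QoS frame of 24 or 25 bytes passes and the unsigned result wraps. */
int payload_len_flawed(size_t frame_len, int qos, size_t *out) {
    if (frame_len < HDR_LEN_BASE)
        return -1;
    *out = frame_len - hdr_len(qos);
    return 0;
}

/* Corrected: compare against the header length actually consumed and drop
 * runt frames before any subtraction takes place. */
int payload_len_checked(size_t frame_len, int qos, size_t *out) {
    size_t h = hdr_len(qos);
    if (frame_len < h)
        return -1; /* runt frame: drop */
    *out = frame_len - h;
    return 0;
}

int main(void) {
    size_t n = 0;
    size_t runt = 25; /* constructed runt frame length */
    if (payload_len_flawed(runt, 1, &n) == 0)
        printf("flawed:  accepted, payload_len=%zu\n", n);
    if (payload_len_checked(runt, 1, &n) != 0)
        printf("checked: runt frame dropped\n");
    return 0;
}
```

A wrapped length of this kind is what later copy or trim operations would act on, which is why the check has to precede the subtraction.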

Jamie Strandboge (jdstrand) wrote :
Changed in linux-meta:
status: New → Fix Released