[Frugalware-darcs] homepage-ng: FSA192-kernel

voroskoi voroskoi at frugalware.org
Thu Jun 7 12:08:06 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607100013-dd049-6a1938104a70ef0e2ae13fc7102f0907bffeb8da.gz;

[FSA192-kernel
voroskoi <voroskoi at frugalware.org>**20070607100013] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>192</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>kernel</package>
+		<vulnerable>2.6.20-5terminus3</vulnerable>
+		<unaffected>2.6.20-5terminus4</unaffected>
+		<bts>http://bugs.frugalware.org/task/2097</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2480
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2525</cve>
+		<desc>Some vulnerabilities have been reported in the Linux Kernel, which=
 potentially can be exploited by malicious, local users to cause a DoS (Den=
ial of Service) or disclose potentially sensitive information.
+			1) A memory leak exists when releasing PPPoE sockets after they are con=
nected, but before the "PPPIOCGCHAN" ioctl is called. This can be exploited=
 to cause a DoS due to memory exhaustion.
+			2) An error within the "_udp_lib_get_port()" function in net/ipv4/udp.c=
 can be exploited to intercept traffic by binding to a port using a local a=
ddress if a wildcard bind exists with a local address to that port.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list