Wow! Lots of kernel flaws...

Gilbert Sebenste sebenste at weather.admin.niu.edu
Wed Nov 22 20:27:47 UTC 2006 

Wowsers: a bunch of them released today...

CVE-2006-6058  Publish Date: 11/21/2006
The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly 
other versions, allows local users to cause a denial of service (hang) via 
a malformed minix file stream that triggers an infinite loop in the 
minix_bmap function. NOTE: this issue might be due to an integer overflow 
or signedness error.

CVE-2006-6057  Publish Date: 11/21/2006
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on 
Fedora Core 6 and possibly other operating systems, allows local users to 
cause a denial of service (crash) via a malformed gfs2 file stream that 
triggers a NULL pointer dereference in the init_journal function.

CVE-2006-6056  Publish Date: 11/21/2006
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux 
hooks are enabled, allows local users to cause a denial of service (crash) 
via a malformed file stream that triggers a NULL pointer dereference in 
the superblock_doinit function, as demonstrated using an HFS filesystem 
image.

CVE-2006-6055  Publish Date: 11/21/2006
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 
wireless adapter allows remote attackers to execute arbitrary code via a 
802.11 beacon request with a long Rates information element (IE).

CVE-2006-6054  Publish Date: 11/21/2006
The ext2 file system code in Linux kernel 2.6.x allows local users to 
cause a denial of service (crash) via an ext2 stream with malformed data 
structures that triggers an error in the ext2_check_page due to a length 
that is smaller than the minimum.

CVE-2006-6053  Publish Date: 11/21/2006
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to 
cause a denial of service (crash) via an ext3 stream with malformed data 
structures.

----
I can file a bugzilla...

*******************************************************************************
Gilbert Sebenste                                                     ********
(My opinions only!)                                                  ******
Staff Meteorologist, Northern Illinois University                      ****
E-mail: sebenste at weather.admin.niu.edu                                  ***
web: http://weather.admin.niu.edu                                      **
*******************************************************************************

More information about the fedora-test-list mailing list