Wow! Lots of kernel flaws...
Arjan van de Ven
arjan at fenrus.demon.nl
Wed Nov 22 20:51:00 UTC 2006
On Wed, 2006-11-22 at 14:27 -0600, Gilbert Sebenste wrote:
> Wowsers: a bunch of them released today...
>
> CVE-2006-6058 Publish Date: 11/21/2006
> The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
> other versions, allows local users to cause a denial of service (hang) via
> a malformed minix file stream that triggers an infinite loop in the
> minix_bmap function. NOTE: this issue might be due to an integer overflow
> or signedness error.
not THAT exciting at least :)
> CVE-2006-6055 Publish Date: 11/21/2006
> Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132
> wireless adapter allows remote attackers to execute arbitrary code via a
> 802.11 beacon request with a long Rates information element (IE).
this is a WINDOWS driver!
the rest is basically the known set of "if you get enough power to have
a fully malformed filesystem the kernel oopses" category.. not that
urgent..
(should be fixed at some point of course like any kernel crash. But to
consider them as serious security issue... you could classify every
kernel oops as security that way)
More information about the fedora-test-list
mailing list