Bug#300783: marked as done (kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in ISO9660 filesystem handler)

[Debian Bug Tracking System]

Your message dated Thu, 6 Oct 2005 13:38:11 +0900
with message-id <[EMAIL PROTECTED]>
and subject line #300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range 
checking flaws in ISO9660 filesystem handler
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Mar 2005 20:53:55 +0000
>From [EMAIL PROTECTED] Mon Mar 21 12:53:55 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de) 
[193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DDTuN-0001al-00; Mon, 21 Mar 2005 12:53:55 -0800
Received: from p54894440.dip.t-dialin.net ([84.137.68.64] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.44)
        id 1DDTuK-0005v4-Tv
        for [EMAIL PROTECTED]; Mon, 21 Mar 2005 21:53:53 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.50)
        id 1DDTuK-0001nz-3D
        for [EMAIL PROTECTED]; Mon, 21 Mar 2005 21:53:52 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in
 ISO9660 filesystem handler
X-Mailer: reportbug 3.8
Date: Mon, 21 Mar 2005 21:53:51 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.137.68.64
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel-source-2.6.8
Version: 2.6.8-14
Severity: important
Tags: security

Quoting an advisory by ISS:
Linux Kernel versions prior to 2.6.12-rc1 are vulnerable to unspecified
vulnerabilities in the ISO9660 filesystem handler, including the Rock Ridge
and Juliet extensions. A remote attacker could send a specially-crafted
filesystem to cause a denial of service or execute arbitrary code on the
system.

It's been fixed as of 2.6.12-rc1, according to
http://www.securityfocus.com/bid/12837 kernel 2.4 is affected as well.

There's a test program at http://www.securityfocus.com/archive/1/393590.

Cheers,
        Moritz 

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-5    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities

---------------------------------------
Received: (at 300783-done) by bugs.debian.org; 6 Oct 2005 05:11:26 +0000
>From [EMAIL PROTECTED] Wed Oct 05 22:11:26 2005
Return-path: <[EMAIL PROTECTED]>
Received: from koto.vergenet.net [210.128.90.7] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1ENO2Q-0004Cd-00; Wed, 05 Oct 2005 22:11:26 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
        id 9976334003; Thu,  6 Oct 2005 14:10:54 +0900 (JST)
Date: Thu, 6 Oct 2005 13:38:11 +0900
From: Horms <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: #300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking 
flaws in ISO9660 filesystem handler
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Cluestick: seven
User-Agent: Mutt/1.5.11
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02

#300783: kernel-source-2.6.8: [CAN-2005-0815] Multiple range checking flaws in 
ISO9660 filesystem handler

Fixed in 2.6.8-16

-- 
Horms


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]