On Fri, Feb 25, 2005 at 03:05:58PM +0100, Stefan Fritsch wrote: > Package: kernel-source-2.6.8 > Version: 2.6.8-13 > Severity: critical > Tags: security > Justification: root security hole > > Cite: > "The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for > Linux kernel > 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, > may allow local > users to trigger a buffer overflow as a result of casting discrepancies > between size_t and > int data types." > > The offending code is also in 2.6.8. A fix is at > http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED] > > The original advisory is at > http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 > > > Please fix 2.6.9 and 2.6.10 as well. I have also looked at 2.4.27 but > couldn't find any > similar code.
Thanks, that seems good to me. I will work on getting it into 2.4.8 and 2.6.10, and also double-check 2.4.27. 2.6.9 is no longer maintained. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
