Package: kernel-source-2.6.8 Version: 2.6.8-13 Severity: critical Tags: security Justification: root security hole
Cite: " Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context." The offending code is also in 2.6.8. A fix is at: http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED] The original advisory is at: http://marc.theaimsgroup.com/?l=full-disclosure&m=110846727602817&w=2 The corresponding code in 2.4.27 lacks the bogus ssize_t cast. Therefore 2.4.27 should not be affected. Please also fix 2.6.9 and 2.6.10. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
