When the package maintainers backported CVE-2007-2878, [1] they made a typo while adapting the code to kernel 2.6.15.
With [2] applied to the 2.6.15 source code, fat_ioctl_readdir() is as follows:

    ...
    down(&inode->i_sem);
    ret = -ENOENT;
    if (!IS_DEADDIR(inode)) {
        ret = __fat_readdir(inode, filp, &buf, filldir, short_only, both);
    }
    down(&inode->i_sem);
    ...

The second down() should be an up().

This only affects the dapper kernels 2.6.15-28-51, but not later kernels used in Ubuntu 6.10+, which kept the mutex_lock() / mutex_unlock() from the original commit in kernel 2.6.21.2.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2878
[2] http://archive.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-51.66.diff.gz

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2878

--
Wine causes process hang in kernel when running applications from FAT partition
https://bugs.launchpad.net/bugs/137978
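The locking imbalance described in the message above, as an added example that is not part of the original report or of the kernel source: a single-threaded user-space model in C that puts the down()/down() shape beside the down()/up() shape. struct model_sem, model_down(), model_up() and both readdir_* functions are constructed names, and model_down() reports "would sleep" instead of blocking so the outcome can be inspected.

```c
#include <stdio.h>

/* Constructed user-space model of a binary semaphore; not kernel code. */
struct model_sem { int count; };            /* 1 = free, 0 = held */

/* Models down(): returns 0 when acquired, 1 where the real call would sleep. */
static int model_down(struct model_sem *s)
{
    if (s->count <= 0)
        return 1;
    s->count--;
    return 0;
}

/* Models up(): releases the semaphore. */
static void model_up(struct model_sem *s) { s->count++; }

/* Shape quoted in the report: down(); work; down(). Returns 1 if the caller would hang. */
int readdir_as_backported(struct model_sem *i_sem)
{
    if (model_down(i_sem))
        return 1;
    /* __fat_readdir() would run here with i_sem held */
    return model_down(i_sem);               /* typo: acquires again instead of releasing */
}

/* Shape the report says was intended: down(); work; up(). */
int readdir_with_up(struct model_sem *i_sem)
{
    if (model_down(i_sem))
        return 1;
    /* __fat_readdir() would run here with i_sem held */
    model_up(i_sem);
    return 0;
}

int main(void)
{
    struct model_sem a = { 1 }, b = { 1 };

    printf("backported: would_sleep=%d, i_sem count after=%d\n",
           readdir_as_backported(&a), a.count);
    printf("with up():  would_sleep=%d, i_sem count after=%d\n",
           readdir_with_up(&b), b.count);
    printf("second call with up(): would_sleep=%d\n", readdir_with_up(&b));
    return 0;
}
```

In the model the backported shape stops at its own second acquisition on the very first call and leaves the semaphore held, so any later caller on the same inode would block as well.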