Package: kernel-source-2.4.27 Version: 2.4.27-10 Severity: normal Tags: security
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768 reads: Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. I looked in the pending Changelog for 2.4.27 and did not see this CAN number listed. Please be sure to reference this CAN number in the changelog when fixed, as you always do. Additional reference: http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2 Micah -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (300, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-2-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages kernel-source-2.4.27 depends on: ii binutils 2.16.1-2 The GNU assembler, linker and bina ii bzip2 1.0.2-7 high-quality block-sorting file co ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii fileutils 5.2.1-2 The GNU file management utilities Versions of packages kernel-source-2.4.27 recommends: ii gcc 4:4.0.0-2 The GNU C compiler ii libc6-dev [libc-dev] 2.3.2.ds1-22 GNU C Library: Development Librari ii make 3.80-9 The GNU version of the "make" util -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
