Some more kernel fun: zlib and the missing FreeBSD UFS issue (related to MOKB-03-11-2006).

[L.M.H <lmh () info-pull com>]

Hi,

Two issues (I just want to make sure at least the first one gets out
before FUD/silent patches start going through the cli... err, git):

MOKB-07-11-2006: Linux 2.6.x zlib_inflate memory corruption:
http://projects.info-pull.com/mokb/MOKB-07-11-2006.html

MOKB-08-11-2006: FreeBSD 6.1 UFS filesystem ffs_rdextattr() integer overflow
http://projects.info-pull.com/mokb/MOKB-08-11-2006.html
(this one was weird to check)

On MOKB-07-11-2006, check the comment at Kernel Fun:
http://kernelfun.blogspot.com/2006/11/mokb-07-11-2006-linux-26x-zlibinflate.html

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211668
-- quote
So, is anyone going to send the patch to lkml? The fix should be public before
the month of kernel bugs starts (nov 1).
-- end quote

No comments.

And: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211237
-- quote
(...)
btw, infamy! http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
(...)
A listing on MOKB, and the second bug too...  Sadly not my idea of a good
advertisement.
-- end quote

Since when does security have to do with advertisement? Ah, since
Apple started those scary commercials. Nevermind :>

Note: Nothing against Red Hat, there are nice guys working there as
well. Thanks to Eric for letting me know about the patches, he's doing
a good job fixing the issues.

If you try to hide shit under the carpet, it will stink anyway...
Food for thought, as usual.

Cheers.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave