On Wed, 2006-11-22 at 14:27 -0600, Gilbert Sebenste wrote: > Wowsers: a bunch of them released today... > > CVE-2006-6058 Publish Date: 11/21/2006 > The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly > other versions, allows local users to cause a denial of service (hang) via > a malformed minix file stream that triggers an infinite loop in the > minix_bmap function. NOTE: this issue might be due to an integer overflow > or signedness error. not THAT exciting at least :) > CVE-2006-6055 Publish Date: 11/21/2006 > Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 > wireless adapter allows remote attackers to execute arbitrary code via a > 802.11 beacon request with a long Rates information element (IE). this is a WINDOWS driver! the rest is basically the known set of "if you get enough power to have a fully malformed filesystem the kernel oopses" category.. not that urgent.. (should be fixed at some point of course like any kernel crash. But to consider them as serious security issue... you could classify every kernel oops as security that way) -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list