Bug 217009

Summary: CVE-2006-6056 SELinux superblock_doinit denial of service
Product: Red Hat Enterprise Linux 5 Reporter: Marcel Holtmann <holtmann>
Component: kernelAssignee: Eric Paris <eparis>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: low Docs Contact:
Priority: medium    
Version: 5.0CC: dzickus, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,source=internet,reported=20061114,public=20061114
Fixed In Version: RC Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-02-08 00:52:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcel Holtmann 2006-11-23 06:02:33 UTC
From MOKB-14-11-2006:

http://projects.info-pull.com/mokb/MOKB-14-11-2006.html

Failure to handle mounting of corrupt filesystem streams may lead to a local
denial of service condition when SELinux hooks are enabled. This particular
vulnerability is caused by a null pointer dereference in the superblock_doinit
function.

Comment 1 Linda Wang 2006-11-30 20:07:08 UTC
since eric paris has the rhel4 one, aassign this one to him as well.


Comment 2 Don Zickus 2006-12-05 19:52:36 UTC
in 2.6.18-1.2817.el5

Comment 6 Jay Turner 2007-01-02 18:48:15 UTC
Marking dev ack since bug is in Modified.

Comment 7 RHEL Program Management 2007-02-08 00:52:48 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.