Upstream information
Description
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.NVD CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry: 435151 SUSE Security Advisories:- SUSE-SA:2009:003, published Tue, 20 Jan 2009 18:00:00 +0000
- SUSE-SA:2009:030, published Mon, 08 Jun 2009 18:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 10.3 |
|
