Bug#564110: r8169: Fix for CVE-2009-1389 introduces denial of service issue
On Wed, Mar 17, 2010 at 06:01:43PM +0100, maximilian attems wrote:
> issue got fixed in 2.6.32.9.
> is stable affected?
It's not properly fixed - if you ever change MTU the vulnerability will
be reopened. And the fix introduces a severe performance regression even
for hardware that doesn't have the issue.
Unfortunately there seems to be no intersection between the groups of
people with affected hardware and people who have a clue how to write
drivers.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
Reply to: