CVE-2013-2224 RHEL-specific?
Hi,
I notice CVE-2013-2224 was marked in the security tracker as affecting
only RHEL kernels, but I just wanted to double-check that:
The issue was allegedly introduced into RHEL by a backport of a mainline
commit, to try to fix CVE-2012-3552:
> f6d8bd051c391c1c0458a30b2a7abcd939329259 (inet: add RCU protection to inet->opt)
But the Debian changelog[0] for 2.6.32-48squeeze3 (aka squeeze2)
mentions something similar was done:
* inet: add RCU protection to inet->opt (CVE-2012-3552)
and the actual same commit was seemingly applied as a patch[1].
[0]:
http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/changelog?revision=20073&view=markup
[1]:
http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/inet-add-RCU-protection-to-inet-opt.patch?view=markup&pathrev=19969
Thanks,
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Reply to: