
CVE-2013-2224 RHEL-specific?



Hi,

I notice CVE-2013-2224 was marked in the security tracker as affecting
only RHEL kernels, but I just wanted to double-check that:

The issue was allegedly introduced into RHEL by a backport of a mainline
commit, to try to fix CVE-2012-3552:

> f6d8bd051c391c1c0458a30b2a7abcd939329259 (inet: add RCU protection to inet->opt)

But the Debian changelog[0] for 2.6.32-48squeeze3 (aka squeeze2)
mentions something similar was done:

* inet: add RCU protection to inet->opt (CVE-2012-3552)

and the actual same commit was seemingly applied as a patch[1].

[0]:
http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/changelog?revision=20073&view=markup

[1]:
http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/inet-add-RCU-protection-to-inet-opt.patch?view=markup&pathrev=19969

Thanks,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

