[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

new 2.4.28 package to clse smbfs kernel vulnerability?

A new vuln (smbfs) found in linux kernel [1,2] affects
all 2.4 but 2.4.28 and all 2.6 (till 2.6.9),
according to securityfocus [1]. Thanks Slashdot...

Is someone working on it (new 2.4.27 or 2.4.28 kernel package)?
Perhaps I should download/compile a 2.4.28 from kernel.org,
but I dont want to miss additional Debian patches :)
Perhaps I'll only wait for kernel-source.2.4.28 deb

PS If someone know _if_ a bug report is needed and where post it,
   dont hesitate to do it. I dont know if this will affect
   the new (rc2) debian installer (based on 2.4.27?)


[1] Linux Kernel SMBFS Multiple Remote Vulnerabilities

[2] Changelog kernel 2.4.28

From [2]:

"2.4.28-rc4 was released as 2.4.28 with no changes.(...)
Summary of changes from v2.4.28-rc2 to v2.4.28-rc3(...)
Stefan Esser:
  o Improved smbfs client overflow fix (...)
Summary of changes from v2.4.28-rc1 to v2.4.28-rc2 (...)
Marcelo Tosatti:
  o Urban Widmark: Fix smbfs client overflow

Reply to: