new 2.4.28 package to clse smbfs kernel vulnerability?

To: debian-devel@lists.debian.org
Subject: new 2.4.28 package to clse smbfs kernel vulnerability?
From: Christophe Chisogne <christophe@publicityweb.com>
Date: Tue, 23 Nov 2004 11:44:27 +0100
Message-id: <[🔎] 41A3148B.8000207@publicityweb.com>


A new vuln (smbfs) found in linux kernel [1,2] affects
all 2.4 but 2.4.28 and all 2.6 (till 2.6.9),
according to securityfocus [1]. Thanks Slashdot...

Is someone working on it (new 2.4.27 or 2.4.28 kernel package)?
Perhaps I should download/compile a 2.4.28 from kernel.org,
but I dont want to miss additional Debian patches :)
Perhaps I'll only wait for kernel-source.2.4.28 deb

PS If someone know _if_ a bug report is needed and where post it,
   dont hesitate to do it. I dont know if this will affect
   the new (rc2) debian installer (based on 2.4.27?)

Christophe

[1] Linux Kernel SMBFS Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/11695/info

[2] Changelog kernel 2.4.28
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.28

From [2]:

"2.4.28-rc4 was released as 2.4.28 with no changes.(...)
Summary of changes from v2.4.28-rc2 to v2.4.28-rc3(...)
Stefan Esser:
  o Improved smbfs client overflow fix (...)
Summary of changes from v2.4.28-rc1 to v2.4.28-rc2 (...)
Marcelo Tosatti:
  o Urban Widmark: Fix smbfs client overflow
"

Reply to:

Follow-Ups:
- Re: new 2.4.28 package to clse smbfs kernel vulnerability?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: deselect survey
Next by Date: I need some help
Previous by thread: Re: deselect survey
Next by thread: Re: new 2.4.28 package to clse smbfs kernel vulnerability?
Index(es):
- Date
- Thread