Package: linux-2.6 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for linux-2.6. CVE-2007-4571[0]: | The snd_mem_proc_read function in sound/core/memalloc.c in the | Advanced Linux Sound Architecture (ALSA) in the Linux kernel before | 2.6.22.8 does not return the correct write size, which allows local | users to obtain sensitive information (kernel memory contents) via a | small count argument, as demonstrated by multiple reads of | /proc/driver/snd-page-alloc. If you fix this vulnerability please also include the CVE id in your changelog entry. You can find a fix on: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212 For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571 Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgplQmD6XS5Sm.pgp
Description: PGP signature