Package: linux-2.6 Version: 2.6.25-6 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for linux-2.6. CVE-2008-0598[0]: | Unspecified vulnerability in the 32-bit and 64-bit emulation in the | Linux kernel 2.6.9, 2.6.18, and probably other versions allows local | users to read uninitialized memory via unknown vectors involving a | crafted binary. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. A patch can be found in the redhat report: https://bugzilla.redhat.com/attachment.cgi?id=311794 The path to this file changed, it's x86/lib/copy_user_64.S in our source packages. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598 http://security-tracker.debian.net/tracker/CVE-2008-0598 -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgp9lmSPxVutc.pgp
Description: PGP signature