Bug#601747: RDS protocol vulnerability

To: submit@bugs.debian.org
Subject: Bug#601747: RDS protocol vulnerability
From: Hideki Yamane <henrich@debian.or.jp>
Date: Fri, 29 Oct 2010 18:07:13 +0900
Message-id: <[🔎] AANLkTi=i-YmQUCySZ3ThZB50xsLmw-fQDGFf-REXLsVt@mail.gmail.com>
Reply-to: Hideki Yamane <henrich@debian.or.jp>, 601747@bugs.debian.org

Package: linux-2.6
Version: 2.6.32-26
Severity: critical
Tags: security, patch

Hi,

 You know, RDS protocol vulnerability was found in Linux kernel.
 US-Cert says (http://www.kb.cert.org/vuls/id/362983)

> The RDS protocol implementation of Linux kernels 2.6.30 through
> 2.6.38-rc8 contain a local privilege escalation vulnerability.

 And the patch from upstream git
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=799c10559d60f159ab2232203f222f18fa3c4a5f
 can apply to 2.6.32-26 with 1 hunk, please check it.

 thanks.

Reply to:

Follow-Ups:
- Bug#601747: RDS protocol vulnerability
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Bug#601732: xserver-xorg-video-intel: render error upon S3 wakeup
Next by Date: Bug#601723: linux-image-2.6.32-5-686: /proc/net/dev report incorrect bytes number (both TX and RX)
Previous by thread: Bug#601732: xserver-xorg-video-intel: render error upon S3 wakeup
Next by thread: Bug#601747: RDS protocol vulnerability
Index(es):
- Date
- Thread