Bug#564110: r8169: Fix for CVE-2009-1389 introduces denial of service issue

To: maximilian attems <max@stro.at>
Cc: 564110@bugs.debian.org, dannf@debian.org
Subject: Bug#564110: r8169: Fix for CVE-2009-1389 introduces denial of service issue
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 17 Mar 2010 17:34:49 +0000
Message-id: <20100317173449.GC16821@decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 564110@bugs.debian.org
In-reply-to: <20100317170143.GE24621@baikonur.stro.at>
References: <20100317170143.GE24621@baikonur.stro.at>

On Wed, Mar 17, 2010 at 06:01:43PM +0100, maximilian attems wrote:
> issue got fixed in 2.6.32.9.
> is stable affected?

It's not properly fixed - if you ever change MTU the vulnerability will
be reopened.  And the fix introduces a severe performance regression even
for hardware that doesn't have the issue.

Unfortunately there seems to be no intersection between the groups of
people with affected hardware and people who have a clue how to write
drivers.

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus

Reply to:

References:
- Bug#564110: r8169: Fix for CVE-2009-1389 introduces denial of service issue
  - From: maximilian attems <max@stro.at>

Prev by Date: Bug#574368: FTBFS on alpha and hppa
Next by Date: Bug#516374: Just one more question
Previous by thread: Bug#564110: r8169: Fix for CVE-2009-1389 introduces denial of service issue
Next by thread: Bug#570350: google-chrome makes reboot needed
Index(es):
- Date
- Thread