Re: CVE-2009-3725
On Sun, 2009-11-08 at 11:08 +0100, Moritz Muehlenhoff wrote:
> Thanks, fixed in SVN.
Thanks ! However version 2.6.31-1 in sid is still marked as vulnerable.
The comment at the end of the page says:
two issues fixed in 2.6.31-1 and two issues still yet to be resolved
However, when I look at:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
it seems that the 4 issues are fixed:
uvesafb/connector: Disallow unpliviged users to send netlink packets
pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
dst/connector: Disallow unpliviged users to configure dst
dm/connector: Only process connector packages from privileged processes
--
Laurent Bonnaud.
http://www.lis.inpg.fr/pages_perso/bonnaud/
Reply to: