Re: CVE-2009-3725

To: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2009-3725
From: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>
Date: Tue, 10 Nov 2009 09:49:00 +0100
Message-id: <[🔎] 1257842940.29589.114.camel@localhost>
In-reply-to: <[🔎] 20091108100802.GA4552@galadriel.inutil.org>
References: <[🔎] 1257673575.21003.16.camel@localhost> <[🔎] 20091108100802.GA4552@galadriel.inutil.org>

On Sun, 2009-11-08 at 11:08 +0100, Moritz Muehlenhoff wrote:

> Thanks, fixed in SVN.

Thanks !  However version 2.6.31-1 in sid is still marked as vulnerable.
The comment at the end of the page says:

  two issues fixed in 2.6.31-1 and two issues still yet to be resolved

However, when I look at:

  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5 

it seems that the 4 issues are fixed:

  uvesafb/connector: Disallow unpliviged users to send netlink packets
  pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
  dst/connector: Disallow unpliviged users to configure dst
  dm/connector: Only process connector packages from privileged processes

-- 
Laurent Bonnaud.
http://www.lis.inpg.fr/pages_perso/bonnaud/

Reply to:

Follow-Ups:
- Re: CVE-2009-3725
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- CVE-2009-3725
  - From: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>
- Re: CVE-2009-3725
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: [Secure-testing-commits] r13252 - data
Next by Date: Re: CVE-2009-3725
Previous by thread: Re: CVE-2009-3725
Next by thread: Re: CVE-2009-3725
Index(es):
- Date
- Thread