On Fri, 2013-07-05 at 10:54 +0100, Steven Chamberlain wrote:
> Hi,
>
> I notice CVE-2013-2224 was marked in the security tracker as affecting
> only RHEL kernels, but I just wanted to double-check that:
>
> The issue was allegedly introduced into RHEL by a backport of a mainline
> commit, to try to fix CVE-2012-3552:
>
> > f6d8bd051c391c1c0458a30b2a7abcd939329259 (inet: add RCU protection to inet->opt)
>
> But the Debian changelog[0] for 2.6.32-48squeeze3 (aka squeeze2)
> mentions something similar was done:
>
> * inet: add RCU protection to inet->opt (CVE-2012-3552)
>
> and the actual same commit was seemingly applied as a patch[1].
>
> [0]:
> http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/changelog?revision=20073&view=markup
>
> [1]:
> http://anonscm.debian.org/viewvc/kernel/dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/inet-add-RCU-protection-to-inet-opt.patch?view=markup&pathrev=19969

Our backport is different.

Ben.

-- 
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.