[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)

On Thu, 17 Feb 2011, dann frazier wrote:
> > http://security-tracker.debian.org/tracker/CVE-2010-2943
> > It is supposed to be vulnerable.
> I've backported a fix for this, but it was too late to make the
> initial release of squeeze. The fix is queued for the first update to
> squeeze, see:
>   http://svn.debian.org/wsvn/kernel-sec/active/CVE-2010-2943
> > Upstream is sitting on backports of this one for some reason, because it is
> > not on any stable or longterm kernel as far as I can see.
> I forwarded our backport to stable, and it has been tentatively
> accepted for the 2.6.32-longterm tree.

Thank you!

> yes, but note that backport introduced a regression:
>   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/692848

Which you took care of.  Again, thank you very much.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: