Re: Squeeze vulnerable to CVE-2010-2943 (xfs+NFS unlinked inode access)
On Thu, 17 Feb 2011, dann frazier wrote:
> > http://security-tracker.debian.org/tracker/CVE-2010-2943
> > It is supposed to be vulnerable.
>
> I've backported a fix for this, but it was too late to make the
> initial release of squeeze. The fix is queued for the first update to
> squeeze, see:
> http://svn.debian.org/wsvn/kernel-sec/active/CVE-2010-2943
>
> > Upstream is sitting on backports of this one for some reason, because it is
> > not on any stable or longterm kernel as far as I can see.
>
> I forwarded our backport to stable, and it has been tentatively
> accepted for the 2.6.32-longterm tree.
Thank you!
> yes, but note that backport introduced a regression:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/692848
Which you took care of. Again, thank you very much.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: