Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 01 Feb 2010 13:41:22 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security@...ts.openwall.com
Subject: Re: CVE requests - kernel security regressions for
 CVE-2009-1385/and -1389

On 01/01/2010 03:37 AM, Steven M. Christey wrote:
>>>> Issue #1
>>>> Fabian claimed that CVE-2009-1385 has an incorrect fix:
>>>> http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10.
>>> [...]
>
> Use CVE-2009-4536

upstream commit 40a14deaf411592b57cb0720f0e8004293ab9865

>>>> Issue #2
>>>> The fix for CVE-2009-1389 regarding the r8169 driver introduces a
>>>> similar security problem as this:
>>>> http://git.kernel.org/linus/fdd7b4c3302c93f6833e338903ea77245eb510b4 is
>>>> a revert of this:
>>>> http://git.kernel.org/linus/126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c.
>>>
>>> Patches update can be found here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=550907#c4
>
> Use CVE-2009-4537

http://marc.info/?t=126202986900002&r=1&w=2.

>> Issue #3
>> I noticed that the e1000e driver also needs a similar fix as issue #1.
>> https://bugzilla.redhat.com/show_bug.cgi?id=551214
>
> Use CVE-2009-4538

upstream commit b94b50289622e816adc9f94111cfc2679c80177c

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ