tag 300163 +pending thanks On Thu, Mar 17, 2005 at 10:42:28PM -0600, Micah Anderson wrote: > Package: kernel-source-2.6.8 > Version: 2.6.8-14 > Severity: normal > Tags: security patch > > CAN-2004-1191 reads: > > Race condition ... when run on SMP systems that have more than 4GB of > memory, could allow local users to read unauthorized memory from > "foreign memory pages." Apparantly it also allows remote attackers to > obtain sensitive information, caused by a vulnerability in the > smb_recv_trans2 function, could also send a specially-crafted TRANS2 > SMB packet to cause a kernel memory leak. > > More information about this is here: > http://www.novell.com/linux/security/advisories/2004_42_kernel.html > http://xforce.iss.net/xforce/xfdb/18137 > > 2.6.8 needs both these patches: > http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]@1.1938.197.15 > http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg > > The second patch has been applied to Debian's kernel-source-2.6.8, but > the first is also needed.
Thanks, it was included once upon a time, but was removed as it was thought that the second patch replaced it, rather than adding to the fix. I have reinstated it in SVN and it should appear in kernel-source-2.6.8-16 -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
