Package: linux-2.6
Version: 2.6.26
Severity: important
Tags: security patch

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for linux-2.6.

CVE-2009-1360[0]:
| The __inet6_check_established function in net/ipv6/inet6_hashtables.c
| in the Linux kernel before 2.6.29, when Network Namespace Support (aka
| NET_NS) is enabled, allows remote attackers to cause a denial of
| service (NULL pointer dereference and system crash) via vectors
| involving IPv6 packets.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Note that the kernel changelog says that this vulnerability was introduced in 2.6.27; however, I've checked and found that the 2.6.26 code is identical to vulnerable 2.6.27 code. Hence, it is my assessment that 2.6.26 is affected as well. Note also that etch-and-a-half (2.6.24) is likely affected as well, but I have not checked this.

Since this is just a denial-of-service, it is of low severity/urgency. Patches are available [1] and more info [2].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1360
    http://security-tracker.debian.net/tracker/CVE-2009-1360
[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9;hp=0c9a3aaaf30e1d1994de58c554ef97a719e20892
[2] http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/