Package: kernel-source-2.6.8 Version: 2.6.8-14 Severity: normal Tags: security patch
CAN-2004-1191 reads: Race condition ... when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." Apparantly it also allows remote attackers to obtain sensitive information, caused by a vulnerability in the smb_recv_trans2 function, could also send a specially-crafted TRANS2 SMB packet to cause a kernel memory leak. More information about this is here: http://www.novell.com/linux/security/advisories/2004_42_kernel.html http://xforce.iss.net/xforce/xfdb/18137 2.6.8 needs both these patches: http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]@1.1938.197.15 http://linux.bkbits.net:8080/linux-2.6/cset%4041e9a86bi4MvUzMJ8Ru62gdkFgHKtg The second patch has been applied to Debian's kernel-source-2.6.8, but the first is also needed. Micah -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages kernel-source-2.6.8 depends on: ii binutils 2.15-5 The GNU assembler, linker and bina ii bzip2 1.0.2-5 high-quality block-sorting file co ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii fileutils 5.2.1-2 The GNU file management utilities -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
