Hello list,

dann frazier wrote:
> ----------------------------------------------------------------------
> Debian Security Advisory DSA-1809-1                secur...@debian.org
> http://www.debian.org/security/                           dann frazier
> Jun 01, 2009                        http://www.debian.org/security/faq
> ----------------------------------------------------------------------
>
> Package        : linux-2.6
> Vulnerability  : denial of service, privilege escalation
> Problem type   : local/remote
> Debian-specific: no
> CVE Id(s)      : CVE-2009-1630 CVE-2009-1633 CVE-2009-1758

[snip]

> CVE-2009-1633
>
>     Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
>     the CIFS filesystem which allow remote servers to cause memory
>     corruption.

Apparently this is a different issue from #506586; I can still verify
that bug on my system. In particular a simple 'du -hs' on the mounted
cifs share leads to an immediate freeze of the system.

I have two questions:

Is a hard freeze, incurring data loss of all open/unsaved files,
considered a security issue?

Since #506586 and #509428 are reported to be fixed in
  linux-image-2.6.29-1-686 2.6.29-2
  linux-image-2.6.29-1-686 2.6.29-3
is there any chance that the fixes are backported for lenny or should
users of stable upgrade to the kernel from testing/unstable/backports?

FWIW, my tests seem to support the claim that this is fixed for
backport's linux-image-2.6.29-bpo.2-amd64 (fingers crossed).

Thanks for any clarification ;-)

Johannes