On tiisdei 9 Juny 2009, Ben Hutchings wrote:
> Package: linux-2.6
> Version: 2.6.29-5
> Severity: critical
> Tags: security patch
> Some or all NICs supported by r8169 seem to ignore the buffer sizes in
> RX descriptors, and will write up to the global maximum frame size.
> This means a remote attacker can overflow RX buffers, probably
> allowing for code injection.  This should be fixed by the patch posted
> in:
> http://article.gmane.org/gmane.linux.network/130114

This is CVE-2009-1389.

The severity of this issue is still debated.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to