On Sat, 18 Sep 2010 00:02:36 +0100 moog wrote:
> > The kernel was tagged at 2.6.26 a few days before this commit, so that
> > tag, and therefore the Debian package linux-2.6 version 2.6.26-25, do
> > not include this commit. So based on Ben Hawkes' description of the
> > problem, I don't believe lenny is vulnerable to it, although squeeze
> > certainly is, as Ben's exploit code demonstrates.
>
> I see <http://security-tracker.debian.org/tracker/CVE-2010-3301> has now
> been updated to say that lenny is not vulnerable. Further to this, I
> would like to suggest that etch, etch(security), i.e. linux-2.6
> version 2.6.18.dfsg.1-26etch2, and etch-backports, i.e. linux-2.6
> version 2.6.26-21~bpo40+1, are not vulnerable either, for the same
> reason, namely that they predate the problematic commit.
>
> (According to <http://sota.gen.nz/compat2/>, the commit reintroduced
> essentially the same vulnerability as CVE-2007-4573, but that was fixed
> in etch in version 2.6.18.dfsg.1-13etch4; see DSA-1381-2.)

etch is no longer supported, so any info there is very likely not up to
date. the etch entries need to be removed. i'll fix that at some point.

> Finally, although 2.6.35-1~experimental.3 is described as fixed, I've
> now looked at the code and the LOAD_ARGS32 macro is still missing a
> setting of %eax so I believe it is still vulnerable.

that's a limitation of the tracker since it's based on unstable.
anything greater than unstable's 2.6.32-23 will be considered fixed.

mike
