document CVE-2010-4656

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2172 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 7 insertions, 1 deletions

diff --git a/dsa-texts/2.6.26-26lenny2 b/dsa-texts/2.6.26-26lenny2
index abba2c04..40b9ed06 100644
--- a/dsa-texts/2.6.26-26lenny2
+++ b/dsa-texts/2.6.26-26lenny2
@@ -12,7 +12,7 @@ CVE Id(s)      : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162
                  CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248 
                  CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 
                  CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 
-                 CVE-2010-4649 CVE-2010-4668 CVE-2011-0521
+                 CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
 Debian Bug(s)  :
                  
 Several vulnerabilities have been discovered in the Linux kernel that may lead
@@ -126,6 +126,12 @@ CVE-2010-4649
     subsystem. A potential buffer overflow may allow local users to cause a
     denial of service (memory corruption) by passing in a large cmd.ne value.
 
+CVE-2010-4656
+
+    Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
+    Local users with access to these devices maybe able to overrun kernel
+    buffers, resulting in a denial of service or privilege escalation.
+
 CVE-2010-4668
 
     Dan Rosenberg reported an issue in the block subsystem. A local user can