blob: fa0257004b8fa9f93284d9f96e3b7bab9f749c34 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Candidate: CVE-2009-4537
Description:
regression in r8169 driver
References:
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://marc.info/?t=126202986900002&r=1&w=2
Notes:
the patch for this issue is partial; in the sense that any deviation from the
default settings opens the hole right back up. Ben Hutchings has volunteered
to work on a comprehensive fix if someone provides him the hardware. see:
http://lkml.org/lkml/2010/3/29/448
Bugs:
upstream: released (2.6.34-rc3) [c0cd884a]
2.6.32-upstream-stable: released (2.6.32.12)
linux-2.6: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
2.6.26-lenny-security: released (2.6.26-22lenny1) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch, bugfix/all/r8169-offical-fix-for-cve-2009-4537-overlength-frame-dmas.patch]
2.6.32-squeeze-security: released (2.6.32-11) [bugfix/all/net-r8169-improved-rx-length-check-errors.patch]
|