oss-sec mailing list archives

Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 31 Dec 2009 14:37:22 -0500 (EST)

Issue #1
Fabian claimed that CVE-2009-1385 has an incorrect fix:
http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10.

[...]


Use CVE-2009-4536

Issue #2
The fix for CVE-2009-1389 regarding the r8169 driver introduces a
similar security problem as this:
http://git.kernel.org/linus/fdd7b4c3302c93f6833e338903ea77245eb510b4 is
a revert of this:
http://git.kernel.org/linus/126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c.


Patches update can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=550907#c4


Use CVE-2009-4537

Issue #3
I noticed that the e1000e driver also needs a similar fix as issue #1.
https://bugzilla.redhat.com/show_bug.cgi?id=551214


Use CVE-2009-4538


- Steve

Current thread:

CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 27)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 28)
  - Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 29)
    - Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Steven M. Christey (Dec 31)