oss-sec mailing list archives

Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389


From: Eugene Teo <eugeneteo () kernel sg>
Date: Mon, 01 Feb 2010 13:41:22 +0800

On 01/01/2010 03:37 AM, Steven M. Christey wrote:
Issue #1
Fabian claimed that CVE-2009-1385 has an incorrect fix:
http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10.
[...]

Use CVE-2009-4536

upstream commit 40a14deaf411592b57cb0720f0e8004293ab9865

Issue #2
The fix for CVE-2009-1389 regarding the r8169 driver introduces a
similar security problem as this:
http://git.kernel.org/linus/fdd7b4c3302c93f6833e338903ea77245eb510b4 is
a revert of this:
http://git.kernel.org/linus/126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c.

Patches update can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=550907#c4

Use CVE-2009-4537

http://marc.info/?t=126202986900002&r=1&w=2.

Issue #3
I noticed that the e1000e driver also needs a similar fix as issue #1.
https://bugzilla.redhat.com/show_bug.cgi?id=551214

Use CVE-2009-4538

upstream commit b94b50289622e816adc9f94111cfc2679c80177c

Thanks, Eugene

