oss-sec mailing list archives
Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389
From: Eugene Teo <eugene () redhat com>
Date: Tue, 29 Dec 2009 22:21:01 +0800
On 12/29/2009 10:12 AM, Eugene Teo wrote:
On 12/28/2009 03:47 PM, Eugene Teo wrote:http://events.ccc.de/congress/2009/Fahrplan//events/3596.en.html In Fabian's talk, he describes two kernel NIC driver issues: Issue #1 Fabian claimed that CVE-2009-1385 has an incorrect fix: http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10.[...]Issue #2 The fix for CVE-2009-1389 regarding the r8169 driver introduces a similar security problem as this: http://git.kernel.org/linus/fdd7b4c3302c93f6833e338903ea77245eb510b4 is a revert of this: http://git.kernel.org/linus/126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c.Patches update can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=550907#c4
Issue #3 I noticed that the e1000e driver also needs a similar fix as issue #1. https://bugzilla.redhat.com/show_bug.cgi?id=551214 Progress on the patches can be found in either of the two bugs. Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 27)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 28)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 29)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Steven M. Christey (Dec 31)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 29)
- Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 Eugene Teo (Dec 28)