Package: kernel-image-2.6.8-i386
Severity: normal

Seen at http://www.securityfocus.com/bid/14470, where they say "Linux Kernel
is affected by a remote denial of service vulnerability when handling XDR data
for the nfsacl protocol."

I've tried to work out if sarge is vulnerable. They say that it was fixed in
2.6.13, and I _think_ a relevant commit is:

http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=23ec6965c20db96bc8ea7af0ec178f074dd31c40

I had a look at fs/nfs/nfs4xdr.c, and it certainly looks to my naive eye that
the 2.6.8 kernel has the same code, without the patch. So I think sarge is
affected. However I don't really know how severe the vulnerability is, or what
mitigating factors there might be.

Anyway, I didn't see CAN-2005-2500 listed at
http://svn.debian.org/wsvn/kernel/patch-tracking/, so I thought I'd add this
bug report.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

