Package: linux-2.6
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2007-4571[0]:
| The snd_mem_proc_read function in sound/core/memalloc.c in the
| Advanced Linux Sound Architecture (ALSA) in the Linux kernel before
| 2.6.22.8 does not return the correct write size, which allows local
| users to obtain sensitive information (kernel memory contents) via a
| small count argument, as demonstrated by multiple reads of
| /proc/driver/snd-page-alloc.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a fix on: 
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4571

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpZrwsENFcca.pgp
Description: PGP signature

Reply via email to