>
> > [03/49] fuse: verify ioctl retries
> > Kernel buffer overflow, but only CUSE servers could exploit it and
> > /dev/cuse is normally restricted to root.
>
> Upstream fix:
> http://git.kernel.org/linus/7572777eef78ebdee1ecb7c258c0ef94d35bad16
> Introduced in 2.6.29.

Please use CVE-2010-4650

> > [16/49] IB/uverbs: Handle large number of entries in poll CQ
> > Fixes integer overflow and information leak which I assume can be
> > triggered by unprivileged local users.
>
> Sounds like it - Documentation/infiniband/user_verbs.txt says:
>
> "Since the InfiniBand userspace verbs should be safe for use by
> non-privileged processes, it may be useful to add an appropriate MODE
> or GROUP to the udev rule."
>
> Upstream fix:
> http://git.kernel.org/linus/7182afea8d1afd432a17c18162cc3fd441d0da93
> Introduced in 2.6.15.

Please use CVE-2010-4649

> > [20/49] orinoco: fix TKIP countermeasure behaviour
> > Fixes cryptographic weakness potentially leaking information to remote
> > (but physically nearby) users.
>
> Upstream fix:
> http://git.kernel.org/linus/0a54917c3fc295cb61f3fb52373c173fd3b69f48
> Introduced in 2.6.28.

Please use CVE-2010-4648.

> > [44/49] ima: fix add LSM rule bug
> > Allows subversion of IMA. Not relevant to Debian kernel images since
> > we don't build IMA.
>
> Upstream fix:
> http://git.kernel.org/linus/867c20265459d30a01b021a9c1e81fb4c5832aa9
> Introduced in 2.6.30.

Please use CVE-2011-0006

Thanks.

--
JB