Package: kernel-source-2.6.8 Version: 2.6.8-16sarge5 Severity: critical Justification: root security hole
Noticed: Intel LAN Driver Buffer Overflow Local Privilege Escalation http://support.intel.com/support/network/sb/CS-023726.htm The Intel blurb says Linux, and specifically Debian, is affected also: Product Family OS Affected Driver Versions Corrected Driver Versions Intel PRO 10/100 Adapters Linux* 3.5.14 or previous 3.5.17 or later Intel PRO/1000 Adapters Linux 7.2.7 or previous 7.3.15 or later and it seems that: kernel-source-2.6.8/drivers/net/e100.c #define DRV_NAME "e100" #define DRV_VERSION "3.0.18" #define DRV_DESCRIPTION "Intel(R) PRO/100 Network Driver" #define DRV_COPYRIGHT "Copyright(c) 1999-2004 Intel Corporation" kernel-source-2.6.8/drivers/net/e1000/e1000_main.c char e1000_driver_name[] = "e1000"; char e1000_driver_string[] = "Intel(R) PRO/1000 Network Driver"; char e1000_driver_version[] = "5.2.52-k4"; char e1000_copyright[] = "Copyright (c) 1999-2004 Intel Corporation."; are quite old (so seem to be affected). Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spm1.6 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages kernel-source-2.6.8 depends on: ii binutils 2.15-6 The GNU assembler, linker and bina ii bzip2 1.0.2-7 high-quality block-sorting file co ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii fileutils 5.2.1-2 The GNU file management utilities -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
