[PATCH 00/11] [lucid/master] CVE-2010-4251 v2
Paolo Pisati
paolo.pisati at canonical.com
Mon Jul 11 16:03:37 UTC 2011
On 07/11/2011 05:23 PM, Tim Gardner wrote:
>
> While researching these patches I stumbled across some further analysis
> of this vulnerability by Eugene Teo at
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
> problem.
You mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
account")? Saw that, and it is handled in another CVE in our db
(CVE-2010-4805), so I wanted to issue a subsequent pull.
> If we're gonna wreak this level of havoc on the network layer, then we
^^^^^^^^^^^^^^^^^^^^^^^^^
and you didn't see what it takes to make it to hardy...
--
bye,
p.