[kernel-sec-discuss] r2172 - dsa-texts
Dann Frazier
dannf at alioth.debian.org
Wed Jan 26 14:06:56 UTC 2011
Author: dannf
Date: 2011-01-26 14:06:44 +0000 (Wed, 26 Jan 2011)
New Revision: 2172
Modified:
dsa-texts/2.6.26-26lenny2
Log:
document CVE-2010-4656
Modified: dsa-texts/2.6.26-26lenny2
===================================================================
--- dsa-texts/2.6.26-26lenny2 2011-01-26 02:58:08 UTC (rev 2171)
+++ dsa-texts/2.6.26-26lenny2 2011-01-26 14:06:44 UTC (rev 2172)
@@ -12,7 +12,7 @@
CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248
CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346
CVE-2010-4526 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565
- CVE-2010-4649 CVE-2010-4668 CVE-2011-0521
+ CVE-2010-4649 CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead
@@ -126,6 +126,12 @@
subsystem. A potential buffer overflow may allow local users to cause a
denial of service (memory corruption) by passing in a large cmd.ne value.
+CVE-2010-4656
+
+ Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
+ Local users with access to these devices maybe able to overrun kernel
+ buffers, resulting in a denial of service or privilege escalation.
+
CVE-2010-4668
Dan Rosenberg reported an issue in the block subsystem. A local user can
More information about the kernel-sec-discuss
mailing list