Bug#639426: Changes from longterm 2.6.32.45
Package: linux-2.6
Version: 2.6.32-35 d792afe crypto: Move md5_transform to lib/md5.c Preparation for following patch. 263b893 net: Compute protocol sequence numbers and fragment IDs using MD5. Fixes cryptographic weakness that allows blind spoofing of TCP/IP packets (i.e. the attacker does not need access to a switch or router between the connection endpoints). This may allow privilege escalation or denial of service, depending on the protocols and authentication schemes used by a targetted system. b80a782 ALSA: timer - Fix Oops at closing slave timer Fixes local denial of service, I think. 43e94c2 ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3 Fixes decoding of some keys on this music controller device. f562aba powerpc: Fix device tree claim code Fixes crash at boot on some systems. 2b3fde0 powerpc: pseries: Fix kexec on machines with more than 4TB of RAM Yeah, like Debian powerpc users have those. Ben. |
Bug#639426: Changes from longterm 2.6.32.45
On Sat, 2011-08-27 at 04:18 +0100, Ben Hutchings wrote:
> 263b893 net: Compute protocol sequence numbers and fragment IDs using MD5. > > Fixes cryptographic weakness that allows blind spoofing of TCP/IP > packets (i.e. the attacker does not need access to a switch or router > between the connection endpoints). This may allow privilege escalation > or denial of service, depending on the protocols and authentication > schemes used by a targetted system. This is CVE-2011-3188, and will be included in 2.6.32-35squeeze1. Ben. |
| All times are GMT. The time now is 12:36 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.