FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 08-27-2011, 03:18 AM
Ben Hutchings
 
Default Bug#639426: Changes from longterm 2.6.32.45

Package: linux-2.6
Version: 2.6.32-35

d792afe crypto: Move md5_transform to lib/md5.c

Preparation for following patch.

263b893 net: Compute protocol sequence numbers and fragment IDs using MD5.

Fixes cryptographic weakness that allows blind spoofing of TCP/IP
packets (i.e. the attacker does not need access to a switch or router
between the connection endpoints). This may allow privilege escalation
or denial of service, depending on the protocols and authentication
schemes used by a targetted system.

b80a782 ALSA: timer - Fix Oops at closing slave timer

Fixes local denial of service, I think.

43e94c2 ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3

Fixes decoding of some keys on this music controller device.

f562aba powerpc: Fix device tree claim code

Fixes crash at boot on some systems.

2b3fde0 powerpc: pseries: Fix kexec on machines with more than 4TB of RAM

Yeah, like Debian powerpc users have those.

Ben.
 
Old 08-27-2011, 03:23 AM
Ben Hutchings
 
Default Bug#639426: Changes from longterm 2.6.32.45

On Sat, 2011-08-27 at 04:18 +0100, Ben Hutchings wrote:
> 263b893 net: Compute protocol sequence numbers and fragment IDs using MD5.
>
> Fixes cryptographic weakness that allows blind spoofing of TCP/IP
> packets (i.e. the attacker does not need access to a switch or router
> between the connection endpoints). This may allow privilege escalation
> or denial of service, depending on the protocols and authentication
> schemes used by a targetted system.

This is CVE-2011-3188, and will be included in 2.6.32-35squeeze1.

Ben.
 

Thread Tools




All times are GMT. The time now is 03:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org