Bug#639426: Changes from longterm 2.6.32.45

08-27-2011, 03:18 AM

Package: linux-2.6
Version: 2.6.32-35

d792afe crypto: Move md5_transform to lib/md5.c

Preparation for following patch.

263b893 net: Compute protocol sequence numbers and fragment IDs using MD5.

Fixes cryptographic weakness that allows blind spoofing of TCP/IP
packets (i.e. the attacker does not need access to a switch or router
between the connection endpoints). This may allow privilege escalation
or denial of service, depending on the protocols and authentication
schemes used by a targetted system.

b80a782 ALSA: timer - Fix Oops at closing slave timer

Fixes local denial of service, I think.

43e94c2 ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3

Fixes decoding of some keys on this music controller device.

f562aba powerpc: Fix device tree claim code

Fixes crash at boot on some systems.

2b3fde0 powerpc: pseries: Fix kexec on machines with more than 4TB of RAM

Yeah, like Debian powerpc users have those.

Ben.

08-27-2011, 03:23 AM

On Sat, 2011-08-27 at 04:18 +0100, Ben Hutchings wrote:
> 263b893 net: Compute protocol sequence numbers and fragment IDs using MD5.
>
> Fixes cryptographic weakness that allows blind spoofing of TCP/IP
> packets (i.e. the attacker does not need access to a switch or router
> between the connection endpoints). This may allow privilege escalation
> or denial of service, depending on the protocols and authentication
> schemes used by a targetted system.

This is CVE-2011-3188, and will be included in 2.6.32-35squeeze1.

Ben.