Secure testing team - Apr 2009 - Bug#523365: linux-source-2.6.26: CIFS Buffer Overflow as Reported on Full Disclosure

Package: linux-source-2.6.26
Version: 2.6.26-13
Severity: critical
Tags: security
Justification: root security hole


I don''t know if this has already been reported or if you guys are
already working
on a fix, but I thought I should be extra sure you all heard about it:

  http://seclists.org/fulldisclosure/2009/Apr/0080.html

If this is as serious as it is advertised to be, it would be nice to see
a back patch ASAP.

thanks,
tim


-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-source-2.6.26 depends on:
ii  binutils                      2.19.1-1   The GNU assembler, linker and bina
ii  bzip2                         1.0.5-1    high-quality block-sorting file co

Versions of packages linux-source-2.6.26 recommends:
pn  gcc                           <none>     (no description available)
ii  libc6-dev [libc-dev]          2.7-18     GNU C Library: Development Librari
ii  make                          3.81-5     The GNU version of the
"make" util

Versions of packages linux-source-2.6.26 suggests:
ii  kernel-package                11.017     A utility for building Linux kerne
pn  libncurses-dev | ncurses-dev  <none>     (no description available)
pn  libqt3-mt-dev                 <none>     (no description available)

-- no debconf information