From $URL : Description A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The vulnerability is caused due to an error in the HIDP Bluetooth implementation within the "hidp_setup_hid()" function (net/bluetooth/hidp/core.c) as the HID device name, physical location, and unique identifier variables may not be properly NULL terminated when handling long strings. This can be exploited to disclose memory content via a specially crafted program executing a ioctl(HIDPCONNADD) call. Successful exploitation requires that the kernel is built with Bluetooth stack and HIDP support. The vulnerability is reported in versions prior to 3.7.6, 3.4.29, 3.2.38, and 3.0.62 Solution Update to version 3.7.6, 3.4.29, 3.2.38, or 3.0.62 Provided and/or discovered by Anderson Lizardo Original Advisory Kernel.org: http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.7.6 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.4.29 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.62
There are no longer any 2.x or <3.7.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.
