Bugzilla – Bug 648624
VUL-0: CVE-2010-3859: kernel: heap overflow in TIPC
Last modified: 2017-03-20 21:25:49 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public.

AFAICS we don't have CONFIG_TIPC set

------------------------------------------------------------------------------

Date: Fri, 22 Oct 2010 09:11:18 -0400
From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Subject: [oss-security] CVE request: kernel: heap overflow in TIPC

The tipc_msg_build() function in net/tipc/msg.c contains an exploitable kernel heap overflow that would allow a local user to escalate privileges to root by issuing maliciously crafted sendmsg() calls via TIPC sockets.

Fortunately, none of the distributions I tested actually define a module alias for TIPC even though it is compiled as a module on nearly all of them (I suspect this is a lucky accident). Since in these situations the TIPC module will not be loaded automatically on creation of a TIPC socket, an administrator would have had to explicitly load the TIPC kernel module in order for a system to be vulnerable. I checked Ubuntu, Debian, and Fedora, none of which define an alias.

Any distributions that define a module alias for TIPC (i.e. "alias net-pf-30 tipc") should treat this as a serious vulnerability. Even if your distribution does not, I highly recommend backporting the fix for this, since it's a bit of defensive programming in the core networking code that handles verifying user-supplied iovecs, which likely resolves other undiscovered (or undisclosed) security issues elsewhere.

I'll post a link to the fix when it's finalized and committed.

Reference: http://marc.info/?l=linux-netdev&m=128770476511716&w=2

-Dan
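The report makes exposure hinge on two host conditions: whether a modprobe alias "net-pf-30 tipc" would auto-load TIPC when an AF_TIPC socket is created, and whether the tipc module is already loaded (or built in). The script below is an added triage helper, not part of the bug report or of any distribution's tooling; it parses modprobe, lsmod and kernel .config text so the checks can be exercised on constructed input, and then runs them against the live host. The function names are this example's own; "modprobe -c" and "lsmod" are the standard kmod commands.

```shell
#!/bin/sh
# Added example (not from the bug report): triage checks for CVE-2010-3859 exposure.
# Each parser reads the relevant tool output from stdin so it can be tested offline.

# 0 if the modprobe configuration text on stdin defines the alias that would
# auto-load TIPC on socket(AF_TIPC): "alias net-pf-30 tipc" (AF_TIPC == 30).
tipc_alias_defined() {
    grep -Eq '^[[:space:]]*alias[[:space:]]+net-pf-30[[:space:]]+tipc([[:space:]]|$)'
}

# 0 if lsmod-style output on stdin (header line, then "name size used-by") lists tipc.
tipc_module_loaded() {
    awk 'NR > 1 && $1 == "tipc" { found = 1 } END { exit !found }'
}

# 0 if a kernel .config text on stdin builds TIPC at all (=y built in, =m module).
tipc_in_kconfig() {
    grep -Eq '^CONFIG_TIPC=(y|m)$'
}

# Live assessment of the current host; prints one line per check and never
# fails the script, so it is safe to run from a cron job or an inventory tool.
assess_host() {
    if command -v modprobe >/dev/null 2>&1 && modprobe -c 2>/dev/null | tipc_alias_defined; then
        echo "EXPOSED: modprobe alias net-pf-30 -> tipc (TIPC auto-loads on socket creation)"
    else
        echo "ok: no net-pf-30 alias for tipc in modprobe configuration"
    fi

    if command -v lsmod >/dev/null 2>&1 && lsmod 2>/dev/null | tipc_module_loaded; then
        echo "EXPOSED: tipc module is currently loaded"
    else
        echo "ok: tipc module not loaded"
    fi

    # Kernel config: prefer /proc/config.gz, fall back to /boot/config-<release>.
    cfg="/boot/config-$(uname -r)"
    if [ -r /proc/config.gz ] && zcat /proc/config.gz 2>/dev/null | tipc_in_kconfig; then
        echo "note: CONFIG_TIPC enabled in running kernel (check for =y, which cannot be unloaded)"
    elif [ -r "$cfg" ] && tipc_in_kconfig < "$cfg"; then
        echo "note: CONFIG_TIPC enabled in $cfg"
    else
        echo "ok: CONFIG_TIPC not set or kernel config unavailable"
    fi
}

assess_host
```

A host that reports the alias is vulnerable to any local user, since the kernel loads the module on the first AF_TIPC socket call; a host that only has the module available but not loaded matches the report's "lucky accident" case and remains exposed if an administrator loads it, so the backported fix is still the right remediation.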
CVE-2010-3859