Re: Linux 2.6.16.16

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 13, 2006 at 06:29:25PM +0100, Nick Warne wrote:
> On 13/05/06, Adrian Bunk <[email protected]> wrote:
> >The CVE should be enough for easily getting all information you
> >requested.
> >
> >Information whether it's a DoS or a root exploit is helpful, but any
> >qualified person doing risk management will anyways lookup the CVE.
> 
> Well, yes, but some people do *actually* use the latest kernel at home
> and not in labs (et al), and as Maciej asked, we are not sure whether
> the (whatever) latest patch is needed or not on whatever our current
> config is the way the latest stable fixes are announced.
> 
> "    [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)
> 
>    It is insane to be giving lease_init() the task of freeing the lock it is
>    supposed to initialise, given that the lock is not guaranteed to be
>    allocated on the stack. This causes lockups in fcntl_setlease().
>    Problem diagnosed by Daniel Hokka Zakrisson <[email protected]>
> 
>    Also fix a slab leak in __setlease() due to an uninitialised return 
>    value.
>    Problem diagnosed by Bj????rn Steinbrink.
> "
> 
> OK, great.  But what does it mean?
> 
> It would be nice to have a short explanation of what the fix is for in
> real world terms.

To be fair, the extra work of writing out a detailed exploit, complete
with example code, for every security update, would just take way too
long.  If you look for where this patch was discussed on lkml, you will
see a full description of the problem, and how to hit it.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux