[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#308584: kernel-source-2.4.27: missing sysctl slot for ia64 results in local DoS

On Wed, 2005-05-11 at 18:30 +0900, Horms wrote:
> Package: kernel-source-2.4.27
> Version: 2.4.27-10
> Severity: important
> Tags: patch, security, pending
> 
> 
> I got this from Moritz Muehlenhoff <jmm@inutil.org>:
> 
>    http://www.redhat.com/support/errata/RHSA-2005-284.html This is
>    CAN-2005-0137 : Linux kernel 2.6 on Itanium (ia64) architectures
>    allows local users to cause a denial of service via a "missing
>    Itanium syscall table entry."
> 
> On investigation I found that 
> 
>    2.4.27 is vulnerable to this. 2.6.8 and 2.6.11 are not.
>    The bug has been fixed upstream for both 2.4 and 2.6 and
>    I have put a this patch into SVN for 2.4.27

Actually, this fix is already in kernel-patch-2.4.27-ia64 (2.4.27-3).
It was included when I resync'd with upstream; I didn't include a
reference in the changelog because I was unsure if the CAN ID was public
yet.

kernel-patch-2.4.27-ia64 has already made its way into sarge, and: 

<vorlon> anyway, yeah, 2.4 kernels are also being synced up; I've already approved 2.4.27-8 in for ia64

2.4.27-8 was built against -3, so it sounds like this fix should already
be going in.
Reply to: