Re: CVE-2005-2709 - Another local DoS in the kernel

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: horms@debian.org, debian-kernel@lists.debian.org, micah@riseup.net
Subject: Re: CVE-2005-2709 - Another local DoS in the kernel
From: Sven Luther <sven.luther@wanadoo.fr>
Date: Wed, 9 Nov 2005 15:22:59 +0100
Message-id: <20051109142259.GA3077@localhost.localdomain>
In-reply-to: <20051109134810.GA4889@informatik.uni-bremen.de>
References: <20051109134810.GA4889@informatik.uni-bremen.de>

On Wed, Nov 09, 2005 at 02:48:10PM +0100, Moritz Muehlenhoff wrote:
> Hi Horms and the rest of debian-kernel,
> Al Viro has found another local DoS vulnerability in the kernel; one
> can trigger an oops in sysctl. The fix is the only code change in
> 2.6.14.1 and has been assigned CVE-2005-2709.

Sadly, Manoj uploaded an untried kernel-package version to unstable, which
broke kernel builds, this is currently being worked on, but at this time there
has not been a confirmed fix yet, so it is not possible to upload packages
containign 2.6.14.1 which fix this CVE and was mentioned here a coupe of hours
ago. The patches are already in our SVN repo though, so you could try building
them yourself with the older kernel-package, or wait a bit.

Friendly,

Sven Luther

Reply to:

Follow-Ups:
- Re: CVE-2005-2709 - Another local DoS in the kernel
  - From: Sven Luther <sven.luther@wanadoo.fr>
- Re: CVE-2005-2709 - Another local DoS in the kernel
  - From: Horms <horms@verge.net.au>

References:
- CVE-2005-2709 - Another local DoS in the kernel
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: CVE-2005-2709 - Another local DoS in the kernel
Next by Date: Re: CVE-2005-2709 - Another local DoS in the kernel
Previous by thread: CVE-2005-2709 - Another local DoS in the kernel
Next by thread: Re: CVE-2005-2709 - Another local DoS in the kernel
Index(es):
- Date
- Thread