Re: status of getting security fixes into sarge

To: debian-kernel@lists.debian.org
Cc: debian-release@lists.debian.org
Subject: Re: status of getting security fixes into sarge
From: Andres Salomon <dilinger@voxel.net>
Date: Thu, 16 Dec 2004 13:40:41 -0500
Message-id: <[🔎] pan.2004.12.16.18.40.40.896734@voxel.net>
References: <20041209212012.GA3607@kitenet.net> <[🔎] E1Cdubb-0001n5-Gu@localhost.localdomain>

On Mon, 13 Dec 2004 19:07:31 +0100, Moritz Muehlenhoff wrote:
[...]
> 
> It seems as if the local DoS in the a.out loader (only exploitable when
> VM memory overcommitment is turned on) is still unfixed in kernel-source-
> 2.6.8:
> The changelog for 2.6.8-9 mentions another unrelated elf/a.out vulnarability,
> but I can't find the proposed patch by Chris Wright in the diff.gz, so maybe
> this has slipped through until now or fixed in a different way, I don't know:
> http://marc.theaimsgroup.com/?l=linux-kernel&m=110023019006886&w=2
> 
> Cheers,
>         Moritz

Thanks for pointing that out, I committed the fix (plus
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.151 ) to SVN.  It
will be fixed in the next release (once we get this symbol crap sorted out).

Reply to:

References:
- Re: status of getting security fixes into sarge
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: PROBLEM: Cross-compiling fails (patch included)
Next by Date: SONAME bumping and d-i
Previous by thread: Re: status of getting security fixes into sarge
Next by thread: Bug#285521: kernel-image-2.4.27-1: kernel-image-2.4.27-1 v6: thinkpad does not suspend upon lid closing
Index(es):
- Date
- Thread