Re: CVE-2005-2709 - Another local DoS in the kernel

To: debian-kernel@lists.debian.org
Subject: Re: CVE-2005-2709 - Another local DoS in the kernel
From: Horms <horms@verge.net.au>
Date: Wed, 9 Nov 2005 14:42:16 +0000 (UTC)
Message-id: <dkt1s8$e3g$3@sea.gmane.org>
References: <20051109134810.GA4889@informatik.uni-bremen.de> <20051109142259.GA3077@localhost.localdomain>

Sven Luther <sven.luther@wanadoo.fr> wrote:
> On Wed, Nov 09, 2005 at 02:48:10PM +0100, Moritz Muehlenhoff wrote:
>> Hi Horms and the rest of debian-kernel,
>> Al Viro has found another local DoS vulnerability in the kernel; one
>> can trigger an oops in sysctl. The fix is the only code change in
>> 2.6.14.1 and has been assigned CVE-2005-2709.
> 
> Sadly, Manoj uploaded an untried kernel-package version to unstable, which
> broke kernel builds, this is currently being worked on, but at this time there
> has not been a confirmed fix yet, so it is not possible to upload packages
> containign 2.6.14.1 which fix this CVE and was mentioned here a coupe of hours
> ago. The patches are already in our SVN repo though, so you could try building
> them yourself with the older kernel-package, or wait a bit.

I think that the kernel-package problems have advanced this afternoon,
I put in one or two changes into trunk/linux-2.6. I haven't checked
the results of a build, but I encourage others to do so.

-- 
Horms

Reply to:

References:
- CVE-2005-2709 - Another local DoS in the kernel
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: CVE-2005-2709 - Another local DoS in the kernel
  - From: Sven Luther <sven.luther@wanadoo.fr>

Prev by Date: Re: CVE-2005-2709 - Another local DoS in the kernel
Next by Date: Re: CVE-2005-2709 - Another local DoS in the kernel
Previous by thread: Re: 2.6.14-3 Release [includes 2.6.14.1/CVE-2005-2709]
Next by thread: Re: CVE-2005-2709 - Another local DoS in the kernel
Index(es):
- Date
- Thread