[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2005-2709 - Another local DoS in the kernel

Sven Luther <sven.luther@wanadoo.fr> wrote:
> On Wed, Nov 09, 2005 at 03:22:59PM +0100, Sven Luther wrote:
>> On Wed, Nov 09, 2005 at 02:48:10PM +0100, Moritz Muehlenhoff wrote:
>> > Hi Horms and the rest of debian-kernel,
>> > Al Viro has found another local DoS vulnerability in the kernel; one
>> > can trigger an oops in sysctl. The fix is the only code change in
>> > 2.6.14.1 and has been assigned CVE-2005-2709.
>> 
>> Sadly, Manoj uploaded an untried kernel-package version to unstable, which
>> broke kernel builds, this is currently being worked on, but at this time there
>> has not been a confirmed fix yet, so it is not possible to upload packages
>> containign 2.6.14.1 which fix this CVE and was mentioned here a coupe of hours
>> ago. The patches are already in our SVN repo though, so you could try building
>> them yourself with the older kernel-package, or wait a bit.
> 
> Well, i was wrong Manoj uploaded k-p 10.008 to experimental, i was confunded
> by the fact that he told us on irc that he was uploading to unstable, which
> was probably a typo on his part, so forget anything about the above.

I guess we can upload at will then.

-- 
Horms
Reply to: