[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2005-2709 - Another local DoS in the kernel

On Wed, Nov 09, 2005 at 03:22:59PM +0100, Sven Luther wrote:
> On Wed, Nov 09, 2005 at 02:48:10PM +0100, Moritz Muehlenhoff wrote:
> > Hi Horms and the rest of debian-kernel,
> > Al Viro has found another local DoS vulnerability in the kernel; one
> > can trigger an oops in sysctl. The fix is the only code change in
> > 2.6.14.1 and has been assigned CVE-2005-2709.
> 
> Sadly, Manoj uploaded an untried kernel-package version to unstable, which
> broke kernel builds, this is currently being worked on, but at this time there
> has not been a confirmed fix yet, so it is not possible to upload packages
> containign 2.6.14.1 which fix this CVE and was mentioned here a coupe of hours
> ago. The patches are already in our SVN repo though, so you could try building
> them yourself with the older kernel-package, or wait a bit.

Well, i was wrong Manoj uploaded k-p 10.008 to experimental, i was confunded
by the fact that he told us on irc that he was uploading to unstable, which
was probably a typo on his part, so forget anything about the above.

Friendly,

Sven Luther
Reply to: