[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some new 2.4.27 security patches

On Fri, Oct 14, 2005 at 04:30:10PM +0900, Horms wrote:
> > Also this patch:
> > http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_inode.c@1.131?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_inode.c
> > ([XFS] Handle inode creation race) should also be applied since it
> > appears to be a security issue.
> Fixed in 2.4.29-pre1
> Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.45.21?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_inode.c
> ChangeLog: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.29
> I'll get this into SVN for 2.4.27.
> It does not seem to relate to 2.6 at all.
> > I am having trouble locating CAN numbers for these, does anyone know if
> > there are any?
> I don't think there are any. Perhaps we should file for the 2nd one.
> I noice that hlh was involved in that patch, perhaps
> he can provide a slightly longer description.

It turns out that this patch introduces a bug in the form of a missing
symbol (#343970).


The fix for this is to add an additional patch, which was also included
in 2.4.29-pre1


I have added this for inclusion in Sid's (trunk) 2.4.27-13.

I have removed the original patch from sarge-security's 2.4.27-10sarge2
as I believe that these patches are far to large for a security release.
I don't believe they have been closely examined. And we don't even
have a CVE for them. Should we add a patch-tracker entry for them
and consider them for "sarge3"?


Reply to: