Re: Missing security fixes for Woody kernel

To: debian-security@lists.debian.org
Subject: Re: Missing security fixes for Woody kernel
From: Christophe Chisogne <christophe@publicityweb.com>
Date: Thu, 30 Dec 2004 11:27:12 +0100
Message-id: <[🔎] 41D3D800.5030307@publicityweb.com>
In-reply-to: <co4cku$9i$1@sea.gmane.org>
References: <co4cku$9i$1@sea.gmane.org>

Philip Ross a écrit :

The latest 2.4 kernel for Woody (kernel-image-2.4.18-1-686 version2.4.18-13.1) is still vulnerable to the FPU crash CAN-2004-0554discovered back in June 2004 and fixed in the 2.4.27 kernel. The codeavailable at http://www.securiteam.com/exploits/5ZP0N0AD5A.html willcrash an up to date Woody system.


In the kernel-source 2.4.27-6 changelog
http://packages.debian.org/changelogs/pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-6/changelog
I see that the "FPU crash CAN-2004-0554" is fixed:
(...)
kernel-source-2.4.26 (2.4.26-3) unstable; urgency=low
   * Fix clear_cpu() marco [CAN-2004-0554]
    . include/asm-i386/i387.h
    . include/asm-x86_64/i387.h

Is there going to be a backported fix for this issue for Woody?


Dont know. I simply installed a 2.4.27 kernel on the Woody box.

Christophe

Reply to:

Follow-Ups:
- Re: Missing security fixes for Woody kernel
  - From: Christophe Chisogne <christophe@publicityweb.com>

Prev by Date: Re: Kernel Vulnerabilities
Next by Date: Re: Missing security fixes for Woody kernel
Previous by thread: Re: Kernel Vulnerabilities
Next by thread: Re: Missing security fixes for Woody kernel
Index(es):
- Date
- Thread