[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing security fixes for Woody kernel

Philip Ross a écrit :
The latest 2.4 kernel for Woody (kernel-image-2.4.18-1-686 version 2.4.18-13.1) is still vulnerable to the FPU crash CAN-2004-0554 discovered back in June 2004 and fixed in the 2.4.27 kernel. The code available at http://www.securiteam.com/exploits/5ZP0N0AD5A.html will crash an up to date Woody system.

In the kernel-source 2.4.27-6 changelog
I see that the "FPU crash CAN-2004-0554" is fixed:
kernel-source-2.4.26 (2.4.26-3) unstable; urgency=low
   * Fix clear_cpu() marco [CAN-2004-0554]
    . include/asm-i386/i387.h
    . include/asm-x86_64/i387.h

Is there going to be a backported fix for this issue for Woody?

Dont know. I simply installed a 2.4.27 kernel on the Woody box.


Reply to: