From: Greg KH <greg@kroah.com>
To: nick@linicks.net
Cc: Adrian Bunk <bunk@stusta.de>, Ingo Oeser <ioe-lkml@rameria.de>,
Chris Wright <chrisw@sous-sol.org>,
Maciej Soltysiak <solt2@dns.toxicfilms.tv>,
linux-kernel@vger.kernel.org
Subject: Re: Linux 2.6.16.16
Date: Sat, 13 May 2006 20:59:37 -0700 [thread overview]
Message-ID: <20060514035937.GA6498@kroah.com> (raw)
In-Reply-To: <7c3341450605131029l194174f3v7339dce0e234b555@mail.gmail.com>
On Sat, May 13, 2006 at 06:29:25PM +0100, Nick Warne wrote:
> On 13/05/06, Adrian Bunk <bunk@stusta.de> wrote:
> >The CVE should be enough for easily getting all information you
> >requested.
> >
> >Information whether it's a DoS or a root exploit is helpful, but any
> >qualified person doing risk management will anyways lookup the CVE.
>
> Well, yes, but some people do *actually* use the latest kernel at home
> and not in labs (et al), and as Maciej asked, we are not sure whether
> the (whatever) latest patch is needed or not on whatever our current
> config is the way the latest stable fixes are announced.
>
> " [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)
>
> It is insane to be giving lease_init() the task of freeing the lock it is
> supposed to initialise, given that the lock is not guaranteed to be
> allocated on the stack. This causes lockups in fcntl_setlease().
> Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com>
>
> Also fix a slab leak in __setlease() due to an uninitialised return
> value.
> Problem diagnosed by Bj????rn Steinbrink.
> "
>
> OK, great. But what does it mean?
>
> It would be nice to have a short explanation of what the fix is for in
> real world terms.
To be fair, the extra work of writing out a detailed exploit, complete
with example code, for every security update, would just take way too
long. If you look for where this patch was discussed on lkml, you will
see a full description of the problem, and how to hit it.
thanks,
greg k-h
next prev parent reply other threads:[~2006-05-14 4:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-11 2:25 Linux 2.6.16.16 Chris Wright
2006-05-11 2:29 ` Chris Wright
2006-05-11 10:34 ` Maciej Soltysiak
2006-05-11 11:07 ` Nick Warne
2006-05-11 16:50 ` Daniel Barkalow
2006-05-11 17:33 ` Chris Wright
2006-05-11 18:03 ` BUG: soft lockup detected on CPU#0! Winn Johnston
2006-05-12 15:51 ` Winn Johnston
2006-05-13 15:35 ` Linux 2.6.16.16 Ingo Oeser
2006-05-13 15:56 ` Adrian Bunk
2006-05-13 17:29 ` Nick Warne
2006-05-14 3:59 ` Greg KH [this message]
2006-05-14 5:17 ` Willy Tarreau
2006-05-15 17:57 ` Chris Wright
2006-05-14 7:46 ` Maciej Soltysiak
2006-05-15 16:30 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060514035937.GA6498@kroah.com \
--to=greg@kroah.com \
--cc=bunk@stusta.de \
--cc=chrisw@sous-sol.org \
--cc=ioe-lkml@rameria.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nick@linicks.net \
--cc=solt2@dns.toxicfilms.tv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.