From: Greg KH <greg@kroah.com>
To: nick@linicks.net
Cc: Adrian Bunk <bunk@stusta.de>, Ingo Oeser <ioe-lkml@rameria.de>,
Chris Wright <chrisw@sous-sol.org>,
Maciej Soltysiak <solt2@dns.toxicfilms.tv>,
linux-kernel@vger.kernel.org
Subject: Re: Linux 2.6.16.16
Date: Sat, 13 May 2006 20:59:37 -0700 [thread overview]
Message-ID: <20060514035937.GA6498@kroah.com> (raw)
In-Reply-To: <7c3341450605131029l194174f3v7339dce0e234b555@mail.gmail.com>
On Sat, May 13, 2006 at 06:29:25PM +0100, Nick Warne wrote:
> On 13/05/06, Adrian Bunk <bunk@stusta.de> wrote:
> >The CVE should be enough for easily getting all information you
> >requested.
> >
> >Information whether it's a DoS or a root exploit is helpful, but any
> >qualified person doing risk management will anyways lookup the CVE.
>
> Well, yes, but some people do *actually* use the latest kernel at home
> and not in labs (et al), and as Maciej asked, we are not sure whether
> the (whatever) latest patch is needed or not on whatever our current
> config is the way the latest stable fixes are announced.
>
> " [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)
>
> It is insane to be giving lease_init() the task of freeing the lock it is
> supposed to initialise, given that the lock is not guaranteed to be
> allocated on the stack. This causes lockups in fcntl_setlease().
> Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com>
>
> Also fix a slab leak in __setlease() due to an uninitialised return
> value.
> Problem diagnosed by Bj????rn Steinbrink.
> "
>
> OK, great. But what does it mean?
>
> It would be nice to have a short explanation of what the fix is for in
> real world terms.
To be fair, the extra work of writing out a detailed exploit, complete
with example code, for every security update, would just take way too
long. If you look for where this patch was discussed on lkml, you will
see a full description of the problem, and how to hit it.
thanks,
greg k-h
next prev parent reply other threads:[~2006-05-14 4:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-11 2:25 Linux 2.6.16.16 Chris Wright
2006-05-11 2:29 ` Chris Wright
2006-05-11 10:34 ` Maciej Soltysiak
2006-05-11 11:07 ` Nick Warne
2006-05-11 16:50 ` Daniel Barkalow
2006-05-11 17:33 ` Chris Wright
2006-05-11 18:03 ` BUG: soft lockup detected on CPU#0! Winn Johnston
2006-05-12 15:51 ` Winn Johnston
2006-05-13 15:35 ` Linux 2.6.16.16 Ingo Oeser
2006-05-13 15:56 ` Adrian Bunk
2006-05-13 17:29 ` Nick Warne
2006-05-14 3:59 ` Greg KH [this message]
2006-05-14 5:17 ` Willy Tarreau
2006-05-15 17:57 ` Chris Wright
2006-05-14 7:46 ` Maciej Soltysiak
2006-05-15 16:30 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060514035937.GA6498@kroah.com \
--to=greg@kroah.com \
--cc=bunk@stusta.de \
--cc=chrisw@sous-sol.org \
--cc=ioe-lkml@rameria.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nick@linicks.net \
--cc=solt2@dns.toxicfilms.tv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox