* planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? @ 2010-09-20 16:53 Mathieu Desnoyers 2010-09-20 17:23 ` Greg KH 0 siblings, 1 reply; 4+ messages in thread From: Mathieu Desnoyers @ 2010-09-20 16:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Ingo Molnar, Andrew Morton, Linus Torvalds, linux-kernel, stable, H. Peter Anvin, Roland McGrath, Ben Hawkes Hi Greg, Sorry to have to ask this, but I was wondering about the ETA for the next round of -stable releases including fixes for the following bugs that seems to be actively exploited in the wild (http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html http://isc.sans.edu/diary.html?storyid=9574): CVE-2010-3081 (fixed by upstream commit c41d68a513c71e35a14f66d71782d27a79a81ea6) "compat: Make compat_alloc_user_space() incorporate the access_ok()" and CVE-2010-3301 (fixed by upstream commit 36d001c70d8a0144ac1d038f6876c484849a74de "x86-64, compat: Test %rax for the syscall number, not %eax" and commit commit eefdca043e8391dcd719711716492063030b55ac "x86-64, compat: Retruncate rax after ia32 syscall entry tracing") I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates these fixes. I could just pull the fixes in my own tree, but this would be duplicated effort. Again, sorry for the hassle, but I feel these bugs require immediate attention. Thanks, Mathieu -- Mathieu Desnoyers Operating System Efficiency R&D Consultant EfficiOS Inc. http://www.efficios.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? 2010-09-20 16:53 planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? Mathieu Desnoyers @ 2010-09-20 17:23 ` Greg KH 2010-09-20 17:38 ` Mathieu Desnoyers 0 siblings, 1 reply; 4+ messages in thread From: Greg KH @ 2010-09-20 17:23 UTC (permalink / raw) To: Mathieu Desnoyers Cc: Ingo Molnar, Andrew Morton, Linus Torvalds, linux-kernel, stable, H. Peter Anvin, Roland McGrath, Ben Hawkes On Mon, Sep 20, 2010 at 12:53:20PM -0400, Mathieu Desnoyers wrote: > Hi Greg, > > Sorry to have to ask this, but I was wondering about the ETA for the next round > of -stable releases including fixes for the following bugs that seems to be > actively exploited in the wild > (http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html > http://isc.sans.edu/diary.html?storyid=9574): > > CVE-2010-3081 (fixed by upstream > commit c41d68a513c71e35a14f66d71782d27a79a81ea6) > "compat: Make compat_alloc_user_space() incorporate the access_ok()" > > and > CVE-2010-3301 (fixed by upstream > commit 36d001c70d8a0144ac1d038f6876c484849a74de > "x86-64, compat: Test %rax for the syscall number, not %eax" > and > commit > commit eefdca043e8391dcd719711716492063030b55ac > "x86-64, compat: Retruncate rax after ia32 syscall entry tracing") > > I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates > these fixes. I could just pull the fixes in my own tree, but this would be > duplicated effort. > > Again, sorry for the hassle, but I feel these bugs require immediate attention. Does NOBODY frickin read my -rc stable announcements? This is only the 8th email today that I've gotten about this issue. {sigh} I don't know why I even bother at times... Sorry, I don't mean to take it out on you, but please people, at least do some basic searching. Like look at the -stable queue git tree which shows that a -rc has been released and is under review, or look at the lkml traffic, or, subscribe to the stable-review mailing list or look at its archives. greg k-h ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? 2010-09-20 17:23 ` Greg KH @ 2010-09-20 17:38 ` Mathieu Desnoyers 2010-09-20 17:45 ` Greg KH 0 siblings, 1 reply; 4+ messages in thread From: Mathieu Desnoyers @ 2010-09-20 17:38 UTC (permalink / raw) To: Greg KH Cc: Ingo Molnar, Andrew Morton, Linus Torvalds, linux-kernel, stable, H. Peter Anvin, Roland McGrath, Ben Hawkes * Greg KH (gregkh@suse.de) wrote: > On Mon, Sep 20, 2010 at 12:53:20PM -0400, Mathieu Desnoyers wrote: > > Hi Greg, > > > > Sorry to have to ask this, but I was wondering about the ETA for the next round > > of -stable releases including fixes for the following bugs that seems to be > > actively exploited in the wild > > (http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html > > http://isc.sans.edu/diary.html?storyid=9574): > > > > CVE-2010-3081 (fixed by upstream > > commit c41d68a513c71e35a14f66d71782d27a79a81ea6) > > "compat: Make compat_alloc_user_space() incorporate the access_ok()" > > > > and > > CVE-2010-3301 (fixed by upstream > > commit 36d001c70d8a0144ac1d038f6876c484849a74de > > "x86-64, compat: Test %rax for the syscall number, not %eax" > > and > > commit > > commit eefdca043e8391dcd719711716492063030b55ac > > "x86-64, compat: Retruncate rax after ia32 syscall entry tracing") > > > > I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates > > these fixes. I could just pull the fixes in my own tree, but this would be > > duplicated effort. > > > > Again, sorry for the hassle, but I feel these bugs require immediate attention. > > Does NOBODY frickin read my -rc stable announcements? This is only the > 8th email today that I've gotten about this issue. > > {sigh} > > I don't know why I even bother at times... > > Sorry, I don't mean to take it out on you, but please people, at least > do some basic searching. Like look at the -stable queue git tree which > shows that a -rc has been released and is under review, or look at the > lkml traffic, or, subscribe to the stable-review mailing list or look at > its archives. I did look at the stable-queue.git tree, and did not find anything about 2.6.35. The tree only specify "start .27/.32 review cycle". Nothing about .35. This is why I thought it was appropriate to email you about 2.6.35.x. I'll also read the -rc stable announcements next time, point taken. Thanks, Mathieu -- Mathieu Desnoyers Operating System Efficiency R&D Consultant EfficiOS Inc. http://www.efficios.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? 2010-09-20 17:38 ` Mathieu Desnoyers @ 2010-09-20 17:45 ` Greg KH 0 siblings, 0 replies; 4+ messages in thread From: Greg KH @ 2010-09-20 17:45 UTC (permalink / raw) To: Mathieu Desnoyers Cc: Ingo Molnar, Andrew Morton, Linus Torvalds, linux-kernel, stable, H. Peter Anvin, Roland McGrath, Ben Hawkes On Mon, Sep 20, 2010 at 01:38:41PM -0400, Mathieu Desnoyers wrote: > * Greg KH (gregkh@suse.de) wrote: > > On Mon, Sep 20, 2010 at 12:53:20PM -0400, Mathieu Desnoyers wrote: > > > Hi Greg, > > > > > > Sorry to have to ask this, but I was wondering about the ETA for the next round > > > of -stable releases including fixes for the following bugs that seems to be > > > actively exploited in the wild > > > (http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html > > > http://isc.sans.edu/diary.html?storyid=9574): > > > > > > CVE-2010-3081 (fixed by upstream > > > commit c41d68a513c71e35a14f66d71782d27a79a81ea6) > > > "compat: Make compat_alloc_user_space() incorporate the access_ok()" > > > > > > and > > > CVE-2010-3301 (fixed by upstream > > > commit 36d001c70d8a0144ac1d038f6876c484849a74de > > > "x86-64, compat: Test %rax for the syscall number, not %eax" > > > and > > > commit > > > commit eefdca043e8391dcd719711716492063030b55ac > > > "x86-64, compat: Retruncate rax after ia32 syscall entry tracing") > > > > > > I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates > > > these fixes. I could just pull the fixes in my own tree, but this would be > > > duplicated effort. > > > > > > Again, sorry for the hassle, but I feel these bugs require immediate attention. > > > > Does NOBODY frickin read my -rc stable announcements? This is only the > > 8th email today that I've gotten about this issue. > > > > {sigh} > > > > I don't know why I even bother at times... > > > > Sorry, I don't mean to take it out on you, but please people, at least > > do some basic searching. Like look at the -stable queue git tree which > > shows that a -rc has been released and is under review, or look at the > > lkml traffic, or, subscribe to the stable-review mailing list or look at > > its archives. > > I did look at the stable-queue.git tree, and did not find anything about 2.6.35. > The tree only specify "start .27/.32 review cycle". Nothing about .35. This is > why I thought it was appropriate to email you about 2.6.35.x. Ah, sorry, I forgot to move the .35 tree in the queue quilt series, my mistake. It's now done and pushed out. thanks, greg k-h ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-09-20 17:47 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-09-20 16:53 planned 2.6.35.x -stable release for critical x86-64 vulnerabilities ? Mathieu Desnoyers 2010-09-20 17:23 ` Greg KH 2010-09-20 17:38 ` Mathieu Desnoyers 2010-09-20 17:45 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox