[kernel-sec-discuss] r4971 - active
Ben Hutchings
benh at moszumanska.debian.org
Tue Feb 21 20:12:43 UTC 2017
Author: benh
Date: 2017-02-21 20:12:43 +0000 (Tue, 21 Feb 2017)
New Revision: 4971
Modified:
active/CVE-2016-6786
active/CVE-2017-6001
Log:
Update notes for perf locking fixes
Modified: active/CVE-2016-6786
===================================================================
--- active/CVE-2016-6786 2017-02-21 19:49:15 UTC (rev 4970)
+++ active/CVE-2016-6786 2017-02-21 20:12:43 UTC (rev 4971)
@@ -2,9 +2,6 @@
References:
Notes:
bwh> The upstream fix was not complete; see CVE-2017-6001
- carnil> bwh pointed out to me (carnil) that the fix applied in jessie-security
- carnil> branch is not yet complete and a dependency commit is needed. Do not
- carnil> release in this state.
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1403842
upstream: released (4.0-rc1) [f63a8daa5812afef4f06c962351687e1ff9ccb2b]
Modified: active/CVE-2017-6001
===================================================================
--- active/CVE-2017-6001 2017-02-21 19:49:15 UTC (rev 4970)
+++ active/CVE-2017-6001 2017-02-21 20:12:43 UTC (rev 4971)
@@ -1,7 +1,8 @@
Description: Possible privilege escalation due to lack of locking around changing event->ctx
References:
Notes:
- bwh> This is left over from an incomplete fix for CVE-2016-6786
+ bwh> This is left over from an incomplete fix for CVE-2016-6786.
+ bwh> Note dependency on commit 130056275ade "perf: Do not double free".
Bugs:
upstream: released (4.10-rc4) [321027c1fe77f892f4ea07846aeae08cefbbb290]
4.9-upstream-stable: released (4.9.7) [922813f4d66fb317e8602d058d03a1619af1ffd0]
More information about the kernel-sec-discuss
mailing list