[kernel] r4841 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Sat Nov 19 16:52:48 UTC 2005
Author: dannf
Date: Sat Nov 19 16:52:48 2005
New Revision: 4841
Added:
patch-tracking/CVE-2005-3527
- copied, changed from r4839, patch-tracking/00boilerplate
Log:
initial evaluation
Copied: patch-tracking/CVE-2005-3527 (from r4839, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate (original)
+++ patch-tracking/CVE-2005-3527 Sat Nov 19 16:52:48 2005
@@ -1,10 +1,21 @@
-Candidate:
+Candidate: CVE-2005-3527
References:
-Description:
+ CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/davem/sparc-2.6.git;a=commitdiff;h=788e05a67c343fa22f2ae1d3ca264e7f15c25eaf
+Description: Race condition in signal handling
+ Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users
+ to cause a denial of service by triggering a core dump in one thread while another
+ thread has a pending SIGSTOP
Notes:
+ dannf> The changed code doesn't exist in 2.6.8. That code was added later in:
+ http://linux.bkbits.net:8080/linux-2.6/cset@41db7d2cBjKGtCZDlUmwwo2dgMZ6Wg?nav=index.html|src/|src/kernel|related/kernel/signal.c
+ Its unclear to me whether or not that patch added the bug, or just made it
+ look different.
+ Applying all the prereq changes to get our code to resemble the fixed
+ code does not look feasible; there are a lot, and some add new features.
+ dannf> Same with 2.4.27.
Bugs:
-upstream:
-2.6.14:
+upstream: released (2.6.14)
+2.6.14: N/A
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.8:
More information about the Kernel-svn-changes
mailing list