r4399 - in people/horms/patch_notes: . misc
Simon Horman
horms at costa.debian.org
Tue Oct 11 05:34:55 UTC 2005
Author: horms
Date: 2005-10-11 05:34:55 +0000 (Tue, 11 Oct 2005)
New Revision: 4399
Added:
people/horms/patch_notes/misc/
people/horms/patch_notes/misc/auditsyscall_leak
Log:
Added auditsyscall_leak
Added: people/horms/patch_notes/misc/auditsyscall_leak
===================================================================
--- people/horms/patch_notes/misc/auditsyscall_leak 2005-10-11 05:33:01 UTC (rev 4398)
+++ people/horms/patch_notes/misc/auditsyscall_leak 2005-10-11 05:34:55 UTC (rev 4399)
@@ -0,0 +1,22 @@
+Date: Mon, 10 Oct 2005 21:45:01 +0200
+To: horms at debian.org
+Cc: secure-testing-team at lists.alioth.debian.org
+Subject: Another kernel vulnerability
+Message-ID: <20051010194459.GA5119 at informatik.uni-bremen.de>
+
+Hi,
+I found this in an Ubuntu advisory, no CVE assignment seems yet to have
+been made.
+
+Robert Derr discovered a memory leak in the system call auditing code.
+On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this
+leads to memory exhaustion and eventually a Denial of Service. A local
+attacker could also speed this up by excessively calling system calls.
+This only affects customized kernels built from the kernel source
+packages. The standard Ubuntu kernel does not have the
+CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by
+this.
+(http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23)
+
+Cheers,
+ Moritz
More information about the Kernel-svn-changes
mailing list