r4462 - people/micah

Dann Frazier dannf at costa.debian.org
Fri Oct 14 17:08:46 UTC 2005


Author: dannf
Date: 2005-10-14 17:08:37 +0000 (Fri, 14 Oct 2005)
New Revision: 4462

Modified:
   people/micah/pending_CVE_requests
Log:
more info on fs-exec-posix-timers-leak-*

Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-14 12:55:51 UTC (rev 4461)
+++ people/micah/pending_CVE_requests	2005-10-14 17:08:37 UTC (rev 4462)
@@ -25,12 +25,14 @@
 
 * fs-exec-posix-timers-leak-2.dpatch
 Draft CVE text:
-Leaks were discovered in the exec structure of linux-2.6, resulting in
-pending signal loss... how is this a security problem?
-dannf: I don't think this is a security problem; the patch name is a misnomer - it was submitted
-dannf: at the same time as a patch that fixes a leak, but this patch actual prevents a signal loss
+Pending signals maybe lost during a multithreaded exec in Linux 2.6 kernels
+prior to 2.6.10.  This is a violation of the POSIX specification, and can give
+unexpected results when a signal delivered during an exec vanishes.
+dannf: I don't think this is a security problem; the patch name is a misnomer -
+dannf: it was submitted at the same time as a patch that fixes a leak, but this
+dannf: patch actual prevents a signal loss.
 URL: http://linux.bkbits.net:8080/linux-2.6/cset@4174ac1exFxpMg163OsRuPZLQrlBKg
-TODO: Description is weak, also what upstream version is this fixed in?
+URL: http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
 
 * net-bridge-forwarding-poison-1.dpatch,
   net-bridge-forwarding-poison-2.dpatch:
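Review bot: The added draft CVE text for fs-exec-posix-timers-leak-2.dpatch still states no security impact. The new wording describes the signal loss as "a violation of the POSIX specification" that "can give unexpected results", and the re-wrapped dannf comment directly below says this is not a security problem. The entry should either say what the loss of a pending signal lets an attacker do, or be marked as not needing a CVE and taken off the pending list. The removed TODO asked which upstream version has the fix; "prior to 2.6.10" answers that, but the entry should note which of the two URL lines backs the version claim. Wording in the added lines: "maybe lost" should be "may be lost", and "patch actual prevents" should be "patch actually prevents".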




More information about the Kernel-svn-changes mailing list