[kernel] r5498 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Tue Jan 17 06:09:42 UTC 2006
Author: dannf
Date: Tue Jan 17 06:09:41 2006
New Revision: 5498
Modified:
patch-tracking/CVE-2005-0977
Log:
2.4 probably needs this, but the backport isn't trivial enough for me
Modified: patch-tracking/CVE-2005-0977
==============================================================================
--- patch-tracking/CVE-2005-0977 (original)
+++ patch-tracking/CVE-2005-0977 Tue Jan 17 06:09:41 2006
@@ -9,10 +9,13 @@
2.6 does not properly verify the address argument, which allows local users
to cause a denial of service (kernel crash) via an invalid address.
Notes:
+ dannf> 2.4 does look vulnerable, but the 2.6 fix won't work directly because
+ 2.4 doesn't have i_size_read(). The 2.6 i_size_read() uses seqlocks, which
+ aren't in 2.4, so the port isn't trivial for me.
Bugs: 303177
upstream: released (2.6.11)
linux-2.6: N/A
-2.6.8-sarge-security: N/A
+2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
2.4.27-sarge-security:
2.4.19-woody-security:
2.4.18-woody-security:
More information about the Kernel-svn-changes
mailing list