Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932071AbWEMR31 (ORCPT ); Sat, 13 May 2006 13:29:27 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932106AbWEMR31 (ORCPT ); Sat, 13 May 2006 13:29:27 -0400 Received: from wr-out-0506.google.com ([64.233.184.228]:10346 "EHLO wr-out-0506.google.com") by vger.kernel.org with ESMTP id S932071AbWEMR30 convert rfc822-to-8bit (ORCPT ); Sat, 13 May 2006 13:29:26 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tj1/WHi8dOI1C8Dff+R6EREWpFd/iIsFxluYQCaVlus04e2B+c38TkVhPn2oVcSTFSjJ9jRtLiOZ7iEx8fKNMw/SCWx1z2KG7ygHiOBckHqgdcS+BNnn2SzGThKRjpUv2Zhrt9sbKnBLshMruQsdj1AKkrhXRagSJTQrLqkiq5s= Message-ID: <7c3341450605131029l194174f3v7339dce0e234b555@mail.gmail.com> Date: Sat, 13 May 2006 18:29:25 +0100 From: "Nick Warne" Reply-To: nick@linicks.net To: "Adrian Bunk" Subject: Re: Linux 2.6.16.16 Cc: "Ingo Oeser" , "Chris Wright" , "Maciej Soltysiak" , linux-kernel@vger.kernel.org In-Reply-To: <20060513155610.GB6931@stusta.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8BIT Content-Disposition: inline References: <20060511022547.GE25010@moss.sous-sol.org> <296295514.20060511123419@dns.toxicfilms.tv> <20060511173312.GI25010@moss.sous-sol.org> <200605131735.20062.ioe-lkml@rameria.de> <20060513155610.GB6931@stusta.de> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1387 Lines: 34 On 13/05/06, Adrian Bunk wrote: > The CVE should be enough for easily getting all information you > requested. > > Information whether it's a DoS or a root exploit is helpful, but any > qualified person doing risk management will anyways lookup the CVE. Well, yes, but some people do *actually* use the latest kernel at home and not in labs (et al), and as Maciej asked, we are not sure whether the (whatever) latest patch is needed or not on whatever our current config is the way the latest stable fixes are announced. " [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860) It is insane to be giving lease_init() the task of freeing the lock it is supposed to initialise, given that the lock is not guaranteed to be allocated on the stack. This causes lockups in fcntl_setlease(). Problem diagnosed by Daniel Hokka Zakrisson Also fix a slab leak in __setlease() due to an uninitialised return value. Problem diagnosed by Björn Steinbrink. " OK, great. But what does it mean? It would be nice to have a short explanation of what the fix is for in real world terms. Nick - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/