Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964808AbWENEBv (ORCPT ); Sun, 14 May 2006 00:01:51 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964810AbWENEBv (ORCPT ); Sun, 14 May 2006 00:01:51 -0400 Received: from ns2.suse.de ([195.135.220.15]:39145 "EHLO mx2.suse.de") by vger.kernel.org with ESMTP id S964808AbWENEBu (ORCPT ); Sun, 14 May 2006 00:01:50 -0400 Date: Sat, 13 May 2006 20:59:37 -0700 From: Greg KH To: nick@linicks.net Cc: Adrian Bunk , Ingo Oeser , Chris Wright , Maciej Soltysiak , linux-kernel@vger.kernel.org Subject: Re: Linux 2.6.16.16 Message-ID: <20060514035937.GA6498@kroah.com> References: <20060511022547.GE25010@moss.sous-sol.org> <296295514.20060511123419@dns.toxicfilms.tv> <20060511173312.GI25010@moss.sous-sol.org> <200605131735.20062.ioe-lkml@rameria.de> <20060513155610.GB6931@stusta.de> <7c3341450605131029l194174f3v7339dce0e234b555@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7c3341450605131029l194174f3v7339dce0e234b555@mail.gmail.com> User-Agent: Mutt/1.5.11 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1782 Lines: 43 On Sat, May 13, 2006 at 06:29:25PM +0100, Nick Warne wrote: > On 13/05/06, Adrian Bunk wrote: > >The CVE should be enough for easily getting all information you > >requested. > > > >Information whether it's a DoS or a root exploit is helpful, but any > >qualified person doing risk management will anyways lookup the CVE. > > Well, yes, but some people do *actually* use the latest kernel at home > and not in labs (et al), and as Maciej asked, we are not sure whether > the (whatever) latest patch is needed or not on whatever our current > config is the way the latest stable fixes are announced. > > " [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860) > > It is insane to be giving lease_init() the task of freeing the lock it is > supposed to initialise, given that the lock is not guaranteed to be > allocated on the stack. This causes lockups in fcntl_setlease(). > Problem diagnosed by Daniel Hokka Zakrisson > > Also fix a slab leak in __setlease() due to an uninitialised return > value. > Problem diagnosed by Bj????rn Steinbrink. > " > > OK, great. But what does it mean? > > It would be nice to have a short explanation of what the fix is for in > real world terms. To be fair, the extra work of writing out a detailed exploit, complete with example code, for every security update, would just take way too long. If you look for where this patch was discussed on lkml, you will see a full description of the problem, and how to hit it. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/