Re: Linux 2.6.16.16

[Nick Warne]

On 13/05/06, Adrian Bunk <bunk@xxxxxxxxx> wrote:
> The CVE should be enough for easily getting all information you
> requested.
>
> Information whether it's a DoS or a root exploit is helpful, but any
> qualified person doing risk management will anyways lookup the CVE.

Well, yes, but some people do *actually* use the latest kernel at home
and not in labs (et al), and as Maciej asked, we are not sure whether
the (whatever) latest patch is needed or not on whatever our current
config is the way the latest stable fixes are announced.

"    [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)

   It is insane to be giving lease_init() the task of freeing the lock it is
   supposed to initialise, given that the lock is not guaranteed to be
   allocated on the stack. This causes lockups in fcntl_setlease().
   Problem diagnosed by Daniel Hokka Zakrisson <daniel@xxxxxxxxx>

   Also fix a slab leak in __setlease() due to an uninitialised return value.
   Problem diagnosed by Bj�¶rn Steinbrink.
"

OK, great.  But what does it mean?

It would be nice to have a short explanation of what the fix is for in
real world terms.

Nick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/