Re: Linux 2.6.16.16
From: Chris Wright
Date: Thu May 11 2006 - 13:29:29 EST
* Maciej Soltysiak (solt2@xxxxxxxxxxxxxxxxx) wrote:
> But this one looks important, something that every kernel build
> has in its code path, however I am unable to say if I need it badly
> or maybe not.
The patch fixes a possible user-triggerable system lockup or memory leak.
In both cases it's a local DoS.
BTW, the CVE folks have decided to track this as two separate issues:
CVE-2006-1860 - the system lockup
CVE-2006-1859 - the memory leak
> Could we have a word or two under each patchlet that would qualify them
> somehow?
> Like:
> "Important, not required for all, apply if using SCTP"
> "Important, required for all, may *do bad things*, apply ASAP"
> "Critical, required for all, surely will *do bad things*, apply ASAP"
Assigning any official severity is a bit of a slippery slope, but
making sure it's clear what type of issue (i.e. local DoS in this case)
is very reasonable.
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/