Re: Linux 2.6.16.16
From: Nick Warne
Date: Sat May 13 2006 - 13:29:34 EST
On 13/05/06, Adrian Bunk <bunk@xxxxxxxxx> wrote:
The CVE should be enough for easily getting all information you
requested.
Information whether it's a DoS or a root exploit is helpful, but any
qualified person doing risk management will anyways lookup the CVE.
Well, yes, but some people do *actually* use the latest kernel at home
and not in labs (et al), and as Maciej asked, we are not sure whether
the (whatever) latest patch is needed or not on whatever our current
config is the way the latest stable fixes are announced.
" [PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)
It is insane to be giving lease_init() the task of freeing the lock it is
supposed to initialise, given that the lock is not guaranteed to be
allocated on the stack. This causes lockups in fcntl_setlease().
Problem diagnosed by Daniel Hokka Zakrisson <daniel@xxxxxxxxx>
Also fix a slab leak in __setlease() due to an uninitialised return value.
Problem diagnosed by Bj�¶rn Steinbrink.
"
OK, great. But what does it mean?
It would be nice to have a short explanation of what the fix is for in
real world terms.
Nick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/