Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix userpointer access in get_iovec_page_array)

From: Greg KH
Date: Mon Feb 11 2008 - 02:49:06 EST


On Sun, Feb 10, 2008 at 11:29:50PM -0800, Daniel Phillips wrote:
> Kudos to all involved in the rapid response. But.
>
> Information on patching this vulnerability is not available front and
> center in many of the places you would expect: kernel.org front page,
> debian.org front page, covered on planet.debian.org but without a
> pointer to the patch, and so on. So this post provides a subject line
> for Google to find, and for good measure mentions the word
> vulnerability.

All currently active Linux kernel versions are now released with a fix
for this problem. We have released them through our normal channels,
with the needed information as to what the problem is, a pointer to the
CVE number, and the patch itself.

I don't think there's much more we need to do here, do you?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/