Re: Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels
From: Willy Tarreau
Date: Sat Jun 04 2016 - 07:33:34 EST
Hi,
On Mon, Mar 28, 2016 at 04:53:48PM -0700, Jeffrey Vander Stoep wrote:
> https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after
> partially failed read" is missing from the stable 3.4.y and 3.10.y
> kernels. It has been included in 3.2.y and 3.14.y.
>
> I am able to cause a kernel panic without this patch.
Just a heads up on this one, it is *not* included in 3.14 as of 3.14.71.
It's in 3.2 and 3.4 however. Greg, you can pick commit feae3ca2e5e1a
from kernel 3.2, it will apply with an offset.
Regards,
Willy