[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100920165320.GA28380@Krystal>
Date: Mon, 20 Sep 2010 12:53:20 -0400
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: Greg Kroah-Hartman <gregkh@...e.de>, Ingo Molnar <mingo@...e.hu>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org, stable@...nel.org,
"H. Peter Anvin" <hpa@...ux.intel.com>,
Roland McGrath <roland@...hat.com>,
Ben Hawkes <hawkes@...a.gen.nz>
Subject: planned 2.6.35.x -stable release for critical x86-64
vulnerabilities ?
Hi Greg,
Sorry to have to ask this, but I was wondering about the ETA for the next round
of -stable releases including fixes for the following bugs that seems to be
actively exploited in the wild
(http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html
http://isc.sans.edu/diary.html?storyid=9574):
CVE-2010-3081 (fixed by upstream
commit c41d68a513c71e35a14f66d71782d27a79a81ea6)
"compat: Make compat_alloc_user_space() incorporate the access_ok()"
and
CVE-2010-3301 (fixed by upstream
commit 36d001c70d8a0144ac1d038f6876c484849a74de
"x86-64, compat: Test %rax for the syscall number, not %eax"
and
commit
commit eefdca043e8391dcd719711716492063030b55ac
"x86-64, compat: Retruncate rax after ia32 syscall entry tracing")
I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates
these fixes. I could just pull the fixes in my own tree, but this would be
duplicated effort.
Again, sorry for the hassle, but I feel these bugs require immediate attention.
Thanks,
Mathieu
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists