lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG-aW04YvZVxKBhSAYqhr5OBFovA3HHHWgdfEQU_jXKzQK7QdA@mail.gmail.com>
Date:	Sun, 7 Sep 2014 02:47:55 +0200
From:	Matt <jackdachef@...il.com>
To:	Greg KH <gregkh@...uxfoundation.org>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>,
	ReiserFS Mailing List <reiserfs-devel@...r.kernel.org>
Subject: Re: linux-3.16.2 queue (3.16.1+)

On Thu, Aug 28, 2014 at 9:18 PM, Matt <jackdachef@...il.com> wrote:
> On Thu, Aug 28, 2014 at 5:32 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
>> On Thu, Aug 28, 2014 at 05:27:27PM +0200, Matt wrote:
>>> On Thu, Aug 28, 2014 at 5:22 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
>>> > On Thu, Aug 28, 2014 at 05:16:58PM +0200, Matt wrote:
>>> >> Hi Greg,
>>> >>
>>> >>
>>> >> please consider adding the following 2 patches to 3.16.2:
>>> >>
>>> >> Jan Kara (1):
>>> >>       reiserfs: Fix use after free in journal teardown
>>> >>
>>> >> Jeff Mahoney (1):
>>> >>       reiserfs: fix corruption introduced by balance_leaf refactor
>>> >>
>>> >>
>>> >>
>>> >> Reason/Related:
>>> >>
>>> >> https://bugzilla.kernel.org/show_bug.cgi?id=83121
>>> >>
>>> >> https://bugzilla.kernel.org/show_bug.cgi?id=83321
>>> >>
>>> >> http://forums.gentoo.org/viewtopic-t-998538-postdays-0-postorder-asc-start-0.html
>>> >>
>>> >>
>>> >> Many thanks in advance
>>> >
>>> > I need git commit ids of these patches in Linus's tree, can you provide
>>> > those please?
>>> >
>>> > thanks,
>>> >
>>> > greg k-h
>>>
>>>
>>> Sure:
>>>
>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
>>> reiserfs: fix corruption introduced by balance_leaf refactor
>>>
>>>
>>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
>>> reiserfs: Fix use after free in journal teardown
>>>
>>>
>>>
>>> are checkpatch warnings usually also fixed within stable releases ?
>>
>> No, not at all, please read Documentation/stable_kernel_patches.txt for
>> what is acceptable for stable kernel patches.
>>
>> thanks,
>>
>> greg k-h
>
>
> okay, will do
>
> thanks for pointing that out
>
>
> Regards
>
> Matt

Hi Greg,

could you please add the above mentioned two patches

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
reiserfs: fix corruption introduced by balance_leaf refactor


https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
reiserfs: Fix use after free in journal teardown

in next stable (3.16.3) kernel ?

more and more people seem to be affected by the data corruption
introduced by the recent changes.


Reading through Documentation/stable_kernel_rules.txt,
http://cwe.mitre.org/data/definitions/416.html and
http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/use_after_free.html

both patches seem relevant enough (concerning data integrity
filesystem-wise and security) to be included for the stable branch


Thanks & Regards

Matt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ