lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Jun 2016 13:33:21 +0200 From: Willy Tarreau <w@....eu> To: Jeffrey Vander Stoep <jeffv@...gle.com> Cc: stable@...r.kernel.org, linux-kernel@...r.kernel.org, Greg KH <gregkh@...uxfoundation.org>, lizefan@...wei.com Subject: Re: Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels Hi, On Mon, Mar 28, 2016 at 04:53:48PM -0700, Jeffrey Vander Stoep wrote: > https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after > partially failed read" is missing from the stable 3.4.y and 3.10.y > kernels. It has been included in 3.2.y and 3.14.y. > > I am able to cause a kernel panic without this patch. Just a heads up on this one, it is *not* included in 3.14 as of 3.14.71. It's in 3.2 and 3.4 however. Greg, you can pick commit feae3ca2e5e1a from kernel 3.2, it will apply with an offset. Regards, Willy
Powered by blists - more mailing lists