retitle 330353 kernel-source-2.6.8: CAN-2005-3053 reassign 330353 kernel-source-2.6.8 tags 330353 + sarge thanks
On Tue, 2005-09-27 at 19:37 +0200, Moritz Muehlenhoff wrote: > Package: linux-2.6 > Severity: important > Tags: security > > Two more local denial-of-service vulnerabilities have been > found in the Linux 2.6 kernel: > > CAN-2005-3055: > Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of > service > (kernel OOPS) via a userspace process that issues a USB Request Block (URB) > to a > USB device and terminates before the URB is finished, which leads to a stale > pointer reference. Thanks Moritz. This one is already covered by #330287, so let's track it there. In general, its easier to deal with one issue per bug report. > CAN-2005-3053: > The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows > local > users to cause a denial of service (kernel BUG()) via a negative first > argument. > > http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED] I've included this patch in our sarge and sarge-security branches of 2.6.8. This patch is part of the patch-2.6.12.5 patch, which was included as part of linux-2.6 (2.6.12-3). This patch was already included in the upstream release of 2.6.13. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]