pending stable kernel security updates
Kees Cook
kees at ubuntu.com
Tue Jun 24 15:28:04 UTC 2008
On Tue, Jun 24, 2008 at 08:45:38AM -0600, Tim Gardner wrote:
> Kees Cook wrote:
> > I need help with CVE-2008-1615: the code has changed a lot between
> > revisions, has been touched by the virt bits, and is pretty non-obvious
> > to me.
>
> Kees - As far as I can tell CVE-2008-1615 does not apply to
> Dapper/Feisty/Gutsy/Hardy. See
That's what I was thinking too, except that I got seriously confused
comparing the upstream fix (a57dae3aa4d00a000b5bac4238025438204c78b2)
with what was in the RH bug and what Debian used:
https://bugzilla.redhat.com/attachment.cgi?id=294062
http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-cs-corruption.patch?op=file&rev=0&sc=0
It seems almost unrelated to the upstream commit. ?
> You can also read Roland McGrath's somewhat caustic commit log entry in
> a57dae3aa4d00a000b5bac4238025438204c78b2 if you are in need of some humor.
Yeah, owchy. :)
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the kernel-team
mailing list