[Lucid][CVE-2014-4608][PATCH 0/3] lzo: properly check for overruns

Andy Whitcroft apw at canonical.com
Mon Jun 30 12:13:57 UTC 2014


On Fri, Jun 27, 2014 at 06:04:13PM +0100, Luis Henriques wrote:
> On Fri, Jun 27, 2014 at 10:52:13AM -0600, Tim Gardner wrote:
> > Well, I hope you got it right 'cause that's a lot of new code. Were you
> > able to test it?
> > 
> > -- 
> > Tim Gardner tim.gardner at canonical.com
> 
> No, I didn't test them (other than build-testing).
> 
> I believe 2.6.32 kernels don't support lzo compressed kernels, so I
> would need to find some other test case for that (shouldn't be too
> difficult, I guess).  If you want me to test them, just NAK the Lucid
> patches and I'll see what I can do to test it next week.
> 
> Anyway, lots of these changes are just moving code around and the
> difference between the backports and the original commits is
> virtually zero.  But I share your concerns: I *really* hope I got this
> right as well :-)

When you say that we do not support LZO compressed kernels, does that
imply we could just turn this code off instead of fixing it?  Or indeed
that it is already off?

On a quick inspection it is hard to tell what it is consumed by, sadly.
But worth spending half an hour checking.

-apw



