Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Apr 2010 09:46:44 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Michael Gilbert <michael.s.gilbert@...il.com>
Subject: Re: kernel: hvc_console: Fix race between hvc_close
 and hvc_remove

Hi Michael,

On 04/18/2010 06:15 AM, Michael Gilbert wrote:
> On Thu, 04 Mar 2010 17:03:58 +0800 Eugene Teo wrote:
>
>> Heads-up. You might want to backport this if your kernel is affected. We
>> are not requesting a CVE name for this as it does not affect any of our
>> Red Hat supported kernels.
>
> are you sure about this?  i see the vulnerable code upstream in both

Thanks for making sure.

> 2.6.26 and 2.6.32.  does redhat not ship hvc in their kernels?  i think
> this should get a cve id because the more vanilla distros will have
> shipped with this included.

At least not for the officially supported kernels as shipped in Red Hat 
Enterprise Linux. I don't speak for other vendors, so if they need a CVE 
name, they should request for one.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ