Date: Sun, 8 Jun 2014 00:16:17 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: rf@...eap.de cc: oss-security@...ts.openwall.com Subject: Re: Linux kernel futex local privilege escalation (CVE-2014-3153) On Fri, 6 Jun 2014, rf@...eap.de wrote: > >>>>> "Thomas" == Thomas Gleixner <tglx@...utronix.de> writes: > > Hi Thomas, > > >> On Thu, Jun 05, 2014 at 11:38:27PM -0400, Rich Felker wrote: > >> > On Thu, Jun 05, 2014 at 06:45:45PM +0400, Solar Designer wrote: > >> > > I've attached patches by Thomas Gleixner (four e-mails, in > >> > > mbox format), as well as back-ports of those by John Johansen > >> > > of Canonical, who wrote: > >> > > >> > Maybe I'm missing something, but I can't find any statement of > >> > what version these patches are intended to apply cleanly > >> > to. They don't apply to latest stable. > >> > >> Thomas - can you answer Rich's question? This is about patches > >> you sent on June 3 to linux-distros, which Kees then saved into > >> an mbox file. > > Thomas> They should apply cleanly, if all stable tagged futex > Thomas> patches before that are applied. > > could you please clarify whether > > f0d71b3dcb8332f7971b5f2363632573e6d9486a futex: Prevent attaching to kernel threads > 866293ee54227584ffcb4a42f69c1f365974ba7f futex: Add another early deadlock detection check > > absolutely have to be applied as well for the CVE's to be fixed and > functionality being OK otherwise? I need to backport to 3.12.x. The patches > for 3.13 sent by Alexander applied cleanly to latest 3.12. I really recommend f0d71b3dcb8332f7971b5f2363632573e6d9486a. 866293ee54227584ffcb4a42f69c1f365974ba7f is made obsolete by the 4 real fixes, but applying it first gets rid of the rejects. Thanks, tglx
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ