Date: Wed, 7 Dec 2016 08:48:35 -0500 From: Brad Spengler <spender@...ecurity.net> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) 4.8.12 doesn't have the fix included, despite being released on the same day the commit was merged into net/ and despite the advance notice in private via security@...nel.org. It's currently in the net/ "stable" queue which operates seperately from the rest of the kernel. It'll be merged whenever that process plays itself out. -Brad On Wed, Dec 07, 2016 at 02:15:15PM +0100, Hanno B??ck wrote: > Hi, > > I'm running kernel 4.8.12, which has the fix you pointed out included, > however: > > > You can also run it with "crash" as the first argument to force a > > panic. > > running your code with the "crash" parameter reliably panics this > kernel. > This doesn't seem right. Is this an incomplete or nonworking fix? > > -- > Hanno B??ck > https://hboeck.de/ > > mail/jabber: hanno@...eck.de > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ