[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[plamo:27321] linux-2.6.16.21が出ています。
-
From:名倉昭一
-
Date:Tue, 20 Jun 2006 19:57:03 +0900 (JST)
- Subject: [plamo:27321] linux-2.6.16.21が出ています。
- From: 名倉昭一<nagura-s@xxxxxxxxxxxx>
- Date: Tue, 20 Jun 2006 19:57:13 +0900
名倉 です。
linux-2.6.17リリース後ですが
linux-2.6.16.2が出ています。すこし長いですが以下ChangeLogの全文です。
commit 4ece57945f296ab05a8a958089c9a382cbb700b4
Author: Chris Wright <chrisw@sous-sol.org>
Date: Tue Jun 20 01:55:00 2006 -0700
Linux 2.6.16.21
commit ab46ee26dc90c5608c0d51c33a029fe514c0a49d
Author: Patrick McHardy <kaber@trash.net>
Date: Mon Jun 19 19:14:21 2006 +0200
[PATCH] xt_sctp: fix endless loop caused by 0 chunk length (CVE-2006-3085)
Fix endless loop in the SCTP match similar to those already fixed in the
SCTP conntrack helper (was CVE-2006-1527).
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
commit 0ba239cc0ef0ebf9d38cd733754fcf657ae79b2b
Author: Oleg Nesterov <oleg@tv-sign.ru>
Date: Thu Jun 15 20:11:43 2006 +0400
[PATCH] run_posix_cpu_timers: remove a bogus BUG_ON() (CVE-2006-2445)
do_exit() clears ->it_##clock##_expires, but nothing prevents
another cpu to attach the timer to exiting process after that.
arm_timer() tries to protect against this race, but the check
is racy.
After exit_notify() does 'write_unlock_irq(&tasklist_lock)' and
before do_exit() calls 'schedule() local timer interrupt can find
tsk->exit_state != 0. If that state was EXIT_DEAD (or another cpu
does sys_wait4) interrupted task has ->signal == NULL.
At this moment exiting task has no pending cpu timers, they were
cleanuped in __exit_signal()->posix_cpu_timers_exit{,_group}(),
so we can just return from irq.
John Stultz recently confirmed this bug, see
http://marc.theaimsgroup.com/?l=linux-kernel&m=115015841413687
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
commit 5705264e83bd9f8918895d8f5ddddbdeb062c719
Author: Oleg Nesterov <oleg@tv-sign.ru>
Date: Thu Jun 15 20:11:15 2006 +0400
[PATCH] check_process_timers: fix possible lockup
If the local timer interrupt happens just after do_exit() sets PF_EXITING
(and before it clears ->it_xxx_expires) run_posix_cpu_timers() will call
check_process_timers() with tasklist_lock + ->siglock held and
check_process_timers:
t = tsk;
do {
....
do {
t = next_thread(t);
} while (unlikely(t->flags & PF_EXITING));
} while (t != tsk);
the outer loop will never stop.
Actually, the window is bigger. Another process can attach the timer
after ->it_xxx_expires was cleared (see the next commit) and the 'if
(PF_EXITING)' check in arm_timer() is racy (see the one after that).
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
commit ad325de56677938d8c58b376e1d7813b50527263
Author: Paul Mackerras <paulus@samba.org>
Date: Fri Jun 9 13:02:59 2006 +1000
[PATCH] powerpc: Fix machine check problem on 32-bit kernels (CVE-2006-2448)
This fixes a bug found by Dave Jones that means that it is possible
for userspace to provoke a machine check on 32-bit kernels. This
also fixes a couple of other places where I found similar problems
by inspection.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
自分ははやまって可能なマシンは2.6.17にしてしまった。今回はしまったって感じ。
- Follow-Ups
-
- [plamo:27323] Re: linux-2.6.16.21が出ています。, KATOH Yasufumi
[検索ページ]
[メール一覧]
Plamo ML 公開システム