Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
9 From: Ian Abbott <abbotti@mev.co.uk> 10 11 This patch limits the amount of outstanding 'write' data that can be 12 queued up for the ftdi_sio driver, to prevent userspace DoS attacks (or 13 simple accidents) that use up all the system memory by writing lots of 14 data to the serial port. 15 16 The original patch was by Guillaume Autran, who in turn based it on the 17 same mechanism implemented in the 'visor' driver. I (Ian Abbott) 18 re-targeted the patch to the latest sources, fixed a couple of errors, 19 renamed his new structure members, and updated the implementations of 20 the 'write_room' and 'chars_in_buffer' methods to take account of the 21 number of outstanding 'write' bytes. It seems to work fine, though at 22 low baud rates it is still possible to queue up an amount of data that 23 takes an age to shift (a job for another day!).
Also never ASSIGNED.
Maintainers, please patch or preferrably bump to 2.6.17.7 (That's included in genpatches 2.6.16-6) rsbac-sources-2.6: kang sh-sources-2.6: sh herd usermode-sources-2.6: dang xbox-sources-2.6: chrb, gimli xen-sources-2.6: xen herd
Sorry for the spam, it's genpatches 2.6.17-6
This patch doesn't apply to 2.16, and you can't actually drive a USB serial dongle from UML anyway, so usermode-sources is okay without this one.
xen-sources bumped to 2.6.16.28
SH, RSBAC, still vulnerable in this one as well. Please patch or bump.
rsbac-sources bumped to 2.6.18 in ~
SH Sources no longer covered by Gentoo Security. Closing bug.
