From Ubuntu's latest: CAN-2005-0756 Alexander Nyberg discovered that ptrace() insufficiently validated addresses on the amd64 platform so that it was possible to set an invalid segment base. A local attacker could exploit this to crash the kernel. This does not affect the i386 and powerpc platforms in any way.
OK, there are more (from SuSE latest) : ptrace-canonical Local DoS issue (2.4+2.6) CAN-2005-1762 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d1099e8a18960693c04507bdd7b9403db70bfd97 ptrace-check-segment Local DoS issue (2.4+2.6) CAN-2005-0756 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6b8d4778c04148729cc0b0dcd335a4411c44276 syscall-page-fix Local DoS issue (2.6 only) CAN-2005-1765 diff -urNp linux-2.6.11/arch/x86_64/mm/fault.c linux-2.6.11.SUSE/arch/x86_64/mm/fault.c --- linux-2.6.11/arch/x86_64/mm/fault.c 2005-06-02 16:18:33.999340707 +0200 +++ linux-2.6.11.SUSE/arch/x86_64/mm/fault.c 2005-06-02 16:21:36.922002147 +0200 @@ -474,7 +474,7 @@ bad_area_nosemaphore: #ifdef CONFIG_IA32_EMULATION /* 32bit vsyscall. map on demand. */ - if (test_thread_flag(TIF_IA32) && + if (test_thread_flag(TIF_IA32) && ((error_code & 0x6) == 0x4) && address >= VSYSCALL32_BASE && address < VSYSCALL32_END) { if (map_syscall32(mm, address) < 0) goto out_of_memory2; x86_64-sysret-fix Local DoS issue (2.6 only) CAN-2005-1764 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=637716a3825e186555361574aa1fa3c0ebf8018b
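Review bot: the new `((error_code & 0x6) == 0x4)` conjunct on the `test_thread_flag(TIF_IA32)` line in the syscall-page-fix hunk uses bare masks, while the comment above it still reads only "32bit vsyscall. map on demand." In the x86 page-fault error code, bit 1 is the write flag and bit 2 is the user-mode flag, so the test admits only user-mode, non-write faults into the `map_syscall32()` path. Extending the comment to state that restriction would let a later reader see why the on-demand mapping is gated this way. Putting the new conjunct on its own line would also keep the condition readable.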
Non-issue for 2.4 here as Gentoo/AMD64 only uses 2.6.
(In reply to comment #1)
> ptrace-canonical Local DoS issue (2.4+2.6) CAN-2005-1762
> http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d1099e8a18960693c04507bdd7b9403db70bfd97
This one is fixed in 2.6.11.11
CAN-2005-0756 and CAN-2005-1764 are also fixed in 2.6.11, leaving only syscall-page-fix Local DoS issue (2.6 only) CAN-2005-1765
Fixed in genpatches 2.6.11-14
Fixed in gentoo-sources-2.6.11-r11
kang: 2.6.11 requires CAN-2005-1765 fix, see comment #1 for details.
All fixed, closing.