Summary: | Linux ptrace crash (CVE-2008-1615) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||
Component: | Kernel | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | gengor, kernel | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | [linux >2.6.4 <2.6.25] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Robert Buchholz (RETIRED)
2008-05-08 18:16:19 UTC
Created attachment 152509 [details, diff]
linux-2.6.9-fix-unprivileged-crash-on-x86_64-cs-corruption.patch
Extracted from kernel-2.6.9-67.0.15.EL.src.rpm
Other kernels are affected. Looks like 2.6.4->2.6.24 More info: http://article.gmane.org/gmane.linux.debian.devel.bugs.general/434570 http://security-tracker.debian.net/tracker/CVE-2008-1615 > http://article.gmane.org/gmane.linux.debian.devel.bugs.general/434570 Sorry, better link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480390 not sure how to fix this in 2.6.24.. the patch linked here is for older kernels only, and i can't find any explanation of how this was fixed in 2.6.25 the patch can be ported to 2.6.24 quite easily (as Gordon has done) but it doesn't match what has been done upstream. I think the upstream fix is this one: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=a31f8dd7ee3b2f5645c220406b1e21f82971f32b It applies cleanly to 2.6.24. If someone wants to confirm that it makes the bug go away, I'll put it in genpatches. actually that's not it, I'm back to being not sure how upstream fixed it |