Author: dannf Date: Sun Jan 29 23:36:14 2006 New Revision: 5625 Modified: patch-tracking/CVE-2005-0178 Log: mark 2.4 unaffected
Modified: patch-tracking/CVE-2005-0178 ============================================================================== --- patch-tracking/CVE-2005-0178 (original) +++ patch-tracking/CVE-2005-0178 Sun Jan 29 23:36:14 2006 @@ -11,16 +11,20 @@ Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. -Notes: +Notes: + dannf> Alan Cox suggested that this is not a 2.4 issue: + Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is + Alan> private not thread group so a setsid() can't race because you can't + Alan> setsid in the same thread as is opening current->tty. Bugs: upstream: released (2.6.8.1, 2.6.11) linux-2.6: N/A 2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch] -2.4.27-sarge-security: -2.4.19-woody-security: -2.4.18-woody-security: -2.4.17-woody-security: -2.4.16-woody-security: -2.4.17-woody-security-hppa: -2.4.17-woody-security-ia64: -2.4.18-woody-security-hppa: +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A +2.4.18-woody-security-hppa: N/A _______________________________________________ Kernel-svn-changes mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
