blob: 7636fdd76b807b88ba11df690bc4a641b3d3c705 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
Candidate: CVE-2006-1066
References:
Description: 2.6.8 ia64 kernel w/ PREEMPT enabled permits local DoS (oops)
Notes:
From: dann frazier <dannf@dannf.org>
To: team@security.debian.org
Subject: kernel-image-2.6.8-ia64 - disable preempt
Date: Fri, 25 Mar 2005 18:57:59 -0700
.
hey security team,
Its likely that kernel-image-2.6.8-ia64 (2.6.8-12) will be the version
that ships in sarge. This kernel has CONFIG_PREEMPT enabled, which has
at least one known issue in ptrace code that lets an unpriveleged
userspace process trigger an oops. This issue went away upstream by
2.6.9, but its unclear what actually fixed it. SuSE/RedHat disable
PREEMPT for ia64 (or so I'm told), so they are not affected. This same
test case does _not_ fail on x86, which also has PREEMPT enabled for
sarge.
.
This issue has been known for a while, but I waited until after d-i
RC3 to upload it, since it changes the ABI. This fix is in the 2.6.8-13
build in unstable, but the release team is blocking this kernel from
normal sarge propagation to keep the kernel udebs in sync.
.
.
dannf> This is only a config change, so it requires no changes to
dannf> kernel-source-2.6.8, but I'll use the kernel-source version
dannf> for the pending/released tags to match the others.
Bugs:
upstream:
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16sarge2)
2.4.27-sarge-security: N/A
2.6.8: needed
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|