Fwd: [VulnWatch] Linux kernel file offset pointer races
matthew at linuxfromscratch.org
Wed Aug 4 11:32:57 PDT 2004
On Wed, 4 Aug 2004 09:49:23 -0600
Archaic <archaic at linuxfromscratch.org> wrote:
> Synopsis: Linux kernel file offset pointer handling
> Product: Linux kernel
> Version: 2.4 up to and including 2.4.26, 2.6 up to and
> including 2.6.7
I caught that one on lwn.net today. We're in version-freeze mode now
for LFS-6.0 but I'd be willing to break that if linux-2.6.8 comes
out. Alternatively, if someone can backport a patch to the pristine
2.6.7 tarball I'll put that in the book. The quote below suggests that
such a patch isn't/wasn't available.
> Tested and known to be vulnerable kernel versions are all <= 2.4.26
> and <= 2.6.7. All users are encouraged to patch all vulnerable
> systems as soon as appropriate vendor patches are released. There is
> no hotfix for this vulnerability.
As we're the "vendor" we should be locating and passing on this fix IMO.