Fwd: [VulnWatch] Linux kernel file offset pointer races

Matthew Burgess matthew at linuxfromscratch.org
Wed Aug 4 11:32:57 PDT 2004


On Wed, 4 Aug 2004 09:49:23 -0600
Archaic <archaic at linuxfromscratch.org> wrote:

> 
> Synopsis:  Linux kernel file offset pointer handling
> Product:   Linux kernel
> Version:   2.4 up to and including 2.4.26, 2.6 up to and
>            including 2.6.7

I caught that one on lwn.net today.  We're in version-freeze mode now
for LFS-6.0 but I'd be willing to break that if linux-2.6.8 comes
out.  Alternatively, if someone can backport a patch to the pristine
2.6.7 tarball I'll put that in the book.  The quote below suggests that
such a patch isn't/wasn't available.

> Tested and known to be vulnerable kernel versions are all <= 2.4.26
> and <= 2.6.7. All users are encouraged to patch all vulnerable
> systems as soon as appropriate vendor patches are released. There is
> no hotfix for this vulnerability.

As we're the "vendor" we should be locating and passing on this fix IMO.

Cheers,

Matt.


