From: "Rémi Denis-Courmont" <remi.denis-courmont@xxxxxxxxx>
Date: Thu, 13 Jan 2011 14:32:57 +0200

> On Tuesday 11 January 2011 02:06:20 ext David Miller, you wrote:
>> From: Dan Carpenter <error27@xxxxxxxxx>
>> Date: Mon, 10 Jan 2011 17:06:58 +0300
>>
>> > Dan Rosenberg pointed out that there were some signed comparison bugs
>> > in the phonet protocol.
>> >
>> > http://marc.info/?l=full-disclosure&m=129424528425330&w=2
>> >
>> > The problem is that we check for array overflows but "protocol" is
>> > signed and we don't check for array underflows. If you already
>> > have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
>> > could cause an oops by mistake.
>> >
>> > Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
>>
>> Applied.
>
> Shouldn't this be sent to stable trees?

It will be.
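
The bug class described in the quoted commit message, as an added example that is not part of this thread and is not the kernel's phonet code: a signed index checked only against the upper bound, next to two hardened checks. The table, its size `NPROTO` and all function names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define NPROTO 3  /* hypothetical table size, not the kernel's constant */

struct proto { const char *name; };

static const struct proto proto_a = { "proto-a" };
static const struct proto proto_c = { "proto-c" };

/* Constructed table indexed by protocol number; slot 1 is unregistered. */
static const struct proto *proto_tab[NPROTO] = { &proto_a, NULL, &proto_c };

/* Flawed check: only the upper bound is tested, so a negative
 * value passes and would index memory before proto_tab. */
static int index_ok_upper_only(int protocol)
{
    return !(protocol >= NPROTO);
}

/* Hardened, variant 1: test both bounds explicitly. */
static int index_ok_both_bounds(int protocol)
{
    return protocol >= 0 && protocol < NPROTO;
}

/* Hardened, variant 2: take the index as unsigned, so a negative argument
 * converts to a huge value and fails the single upper-bound test. */
static int index_ok_unsigned(unsigned int protocol)
{
    return protocol < (unsigned int)NPROTO;
}

/* Lookup that touches the table only after the hardened check. */
static const struct proto *proto_get(int protocol)
{
    return index_ok_both_bounds(protocol) ? proto_tab[protocol] : NULL;
}

int main(void)
{
    int samples[] = { -1, 0, 2, 3 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int p = samples[i];
        printf("%2d upper-only=%d both=%d unsigned=%d found=%d\n", p,
               index_ok_upper_only(p), index_ok_both_bounds(p),
               index_ok_unsigned((unsigned int)p), proto_get(p) != NULL);
    }
    return 0;
}
```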