On Mon, Jun 9, 2014 at 3:30 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote: >> From: Andy Lutomirski <luto@xxxxxxxxxxxxxx> >> >> Fixes an easy DoS and possible information disclosure. >> >> This does nothing about the broken state of x32 auditing. >> >> eparis: If the admin has enabled auditd and has specifically loaded audit >> rules. This bug has been around since before git. Wow... >> >> Cc: stable@xxxxxxxxxxxxxxx >> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> >> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> >> --- >> kernel/auditsc.c | 27 ++++++++++++++++++--------- >> 1 file changed, 18 insertions(+), 9 deletions(-) > > Did this patch get dropped somewhere? Isn't it a valid bugfix, or did I > miss a later conversation about this? Hmm. It seems that it didn't make it into Linus' tree. Crap. IMO we need some kind of real tracking system for issues reported to security@. This shouldn't have been possible (and if I'd realized that the patch got dropped, I wouldn't have publicly disclosed it). For whoever applies this: it's CVE-2014-3917. --Andy -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html