[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547
On 22/11/2010 16:27, "Shaun Reitan" <mailinglists@xxxxxxxxxxxxxxxx> wrote: > We've been applying this patch since the fix was discovered but i just > realized yesterday when building a new kernel that the Xen kernel does > not have this fix applied yet. > > I also have verified that this exploit works to gain root access on the > current http://xenbits.xensource.com/linux-2.6.18-xen.hg branch It has to be said, very clearly, that our 2.6.18 tree is only really of use now as a repository of Xen patches for vendors to pull into their own, *properly maintained and secured* kernels. We are very interested in fixing Xen-related security issues in our 2.6.18 tree (precisely because others use it as a repository of good Xen patches). We are less interested in general kernel fixes, although of course as a matter of good form we will consider a security fix such as you propose. However, the patch you supplied does not apply to the 2.6.18 tree. Thanks, Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |