Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
Thanks, Guenter
On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
Odd no one asked for that one to be backported before :(
Anyway, now applied, thanks.
greg k-h
On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
Odd no one asked for that one to be backported before :(
Not entirely surprising. The patch is from July 2017, it wasn't marked for stable, and the CVE has been created only recently (04/13/2018). CVE severity and the reference to the upstream commit were added yesterday, which caused our CVE tracker to barf at me.
Guenter
On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
Odd no one asked for that one to be backported before :(
Not entirely surprising. The patch is from July 2017, it wasn't marked for stable, and the CVE has been created only recently (04/13/2018). CVE severity and the reference to the upstream commit were added yesterday, which caused our CVE tracker to barf at me.
Who applied for the CVE number? They should have been the ones to notify people of the issue, so who should I go kick about this? :)
thanks,
greg k-h
On 05/19/2018 12:44 AM, Greg Kroah-Hartman wrote:
On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older to fix CVE-2018-10087.
Odd no one asked for that one to be backported before :(
Not entirely surprising. The patch is from July 2017, it wasn't marked for stable, and the CVE has been created only recently (04/13/2018). CVE severity and the reference to the upstream commit were added yesterday, which caused our CVE tracker to barf at me.
Who applied for the CVE number? They should have been the ones to notify people of the issue, so who should I go kick about this? :)
No idea, and no idea how to find out.
Guenter
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Guenter Roeck