WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] general kernel NULL pointer vulnerability

from [netz-haut - stephan seitz] [Permanent Link][Original]
To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] general kernel NULL pointer vulnerability
From: "netz-haut - stephan seitz" <s.seitz@xxxxxxxxxxxx>
Date: Fri, 14 Aug 2009 13:43:20 +0200
Delivery-date: Fri, 14 Aug 2009 04:44:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acoc1GvDqgYJmIjHEd7GhwBQBPU9LA==
Thread-topic: general kernel NULL pointer vulnerability 
Hi there,

Due to http://lwn.net/Articles/347006/
or http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html

the xenified 2.6.18 is also vulnerable.

Linus did a working but questionable fix

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;f=net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93dfec5166fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a3620f7545344f932873bf98fbdf416b49409c8e

I'd like to ask if you're going to add a patch to net/socket.c: sock_sendpage() 
in your xen repository?

Regards,




Mit freundlichen Gruessen

--
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: http://www.netz-haut.de/

registriergericht: amtsgericht würzburg, hra 5054




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [XCI] Mesa build problem, Vincent Hanquez
Next by Date:  Re: [Xen-devel] general kernel NULL pointer vulnerability, Keir Fraser
Previous by Thread:  Re: [Xen-devel] [XCI] Mesa build problem, Vincent Hanquez
Next by Thread:  Re: [Xen-devel] general kernel NULL pointer vulnerability, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy