[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] general kernel NULL pointer vulnerability

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: "netz-haut - stephan seitz" <s.seitz@xxxxxxxxxxxx>
Date: Fri, 14 Aug 2009 13:43:20 +0200
Delivery-date: Fri, 14 Aug 2009 04:44:06 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Thread-index: Acoc1GvDqgYJmIjHEd7GhwBQBPU9LA==
Thread-topic: general kernel NULL pointer vulnerability

Hi there,

Due to http://lwn.net/Articles/347006/
or http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070197.html

the xenified 2.6.18 is also vulnerable.

Linus did a working but questionable fix

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;f=net/socket.c;h=6d47165590473daa4990bf69b0435d5c49b41302;hp=791d71a36a93dfec5166fe05e2e0cb394cfa904b;hb=e694958388c50148389b0e9b9e9e8945cf0f1b98;hpb=a3620f7545344f932873bf98fbdf416b49409c8e

I'd like to ask if you're going to add a patch to net/socket.c: sock_sendpage() 
in your xen repository?

Regards,




Mit freundlichen Gruessen

--
Stephan Seitz
Senior System Administrator

*netz-haut* e.K.
multimediale kommunikation

zweierweg 22
97074 würzburg

fon: +49 931 2876247
fax: +49 931 2876248

web: http://www.netz-haut.de/

registriergericht: amtsgericht würzburg, hra 5054




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] general kernel NULL pointer vulnerability
  - From: Keir Fraser

Prev by Date: Re: [Xen-devel] [XCI] Mesa build problem
Next by Date: Re: [Xen-devel] general kernel NULL pointer vulnerability
Previous by thread: Re: [Xen-devel] [XCI] Mesa build problem
Next by thread: Re: [Xen-devel] general kernel NULL pointer vulnerability
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.