LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Stable kernel updates

Stable kernel updates

Posted Sep 20, 2010 23:49 UTC (Mon) by linuxrocks123 (guest, #34648)
Parent article: Stable kernel updates

H. Peter Anvin (2):
x86-64, compat: Test %rax for the syscall number, not %eax
compat: Make compat_alloc_user_space() incorporate the access_ok()

I assume this means that this update fixes the very, very nasty x86-64 exploit (re)-discovered a few days ago?

---linuxrocks123

(Log in to post comments)

Stable kernel updates

Posted Sep 20, 2010 23:52 UTC (Mon) by nix (subscriber, #2304) [Link]

Yes, and the fairly nasty HPET timer bug which torpedoed my systems and many others (all so far known running Intel ICH10 chipsets, but I'm sure there are other affected ones out there). (It's only 'fairly nasty' because its side-effects are obvious -- slowdown to halt or insane timing -- while the ARM bug Al Viro spotted, now that was very, very nasty. Intermittent double-execution of completely arbitrary instructions. How the hell Al managed to debug *that* I have no idea, but I imagine it would make a good fireside story.)

Stable kernel updates

Posted Sep 21, 2010 2:02 UTC (Tue) by roelofs (guest, #2599) [Link]

How the hell Al managed to debug *that* I have no idea, but I imagine it would make a good fireside story.)

Heck, it would make a good Kernel-page (or Security-page?) story. Hint hint, Jon/Jake ...

Greg

Stable kernel updates

Posted Sep 21, 2010 10:04 UTC (Tue) by nix (subscriber, #2304) [Link]

Oh no, this sort of story is only any good if Al tells it. He has a gift for this sort of thing.

Stable kernel updates

Posted Sep 21, 2010 10:08 UTC (Tue) by epa (subscriber, #39769) [Link]

Intermittent double-execution of completely arbitrary instructions. How the hell Al managed to debug *that* I have no idea, but I imagine it would make a good fireside story.
Only at Halloween, I suggest.

marking known security fix as such

Posted Sep 21, 2010 10:50 UTC (Tue) by Trou.fr (subscriber, #26289) [Link]

I thought the current policy was to mark *known* fixes with CVE as such in the changelog. Has it changed ?

The 32bit compatibility issue has been actively exploited and not a single word about it in the announcement...

marking known security fix as such

Posted Sep 21, 2010 12:06 UTC (Tue) by spender (subscriber, #23067) [Link]

You must be new here.

Some reading material:
http://lwn.net/Articles/373581/
http://lwn.net/Articles/306365/
http://lwn.net/Articles/290227/
http://lwn.net/Articles/297366/
http://lwn.net/Articles/118952/
http://lwn.net/Articles/375335/
http://lwn.net/Articles/402328/
http://lwn.net/Articles/404043/
http://lwn.net/Articles/285438/
http://lwn.net/Articles/286263/
http://lwn.net/Articles/290308/

That should be enough to get you started.

-Brad

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds