oss-sec mailing list archives
Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)
From: Greg KH <greg () kroah com>
Date: Tue, 19 Feb 2013 17:47:23 -0800
On Tue, Feb 19, 2013 at 12:40:50PM -0800, Julien Tinnes wrote:
On Sat, Feb 16, 2013 at 2:49 AM, Solar Designer <solar () openwall com> wrote:The mainline commits from January are by Oleg Nesterov of Red Hat. Why wasn't(?) the issue handled with due severity within Red Hat, then - such that Red Hat would at the very least have a statement on whether and which of their kernels are affected by now. My guess is that the full severity of the issue might not have been understood by Oleg at the time, but it's only a guess.That's the eternal debate :) Since upstream doesn't want to handle security and disclosure, I sure wish that distro vendors could regroup, step-up and do it.
I know some people don't "like" how the kernel team handles bug reports and fixes, but seriously, this should have been pretty obvious by anyone watching the stable kernel releases, which all distros do. The fact that the distros didn't notify others is not the kernel community's fault, sorry. greg k-h
Current thread:
- Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 15)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 16)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 19)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 19)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Mar 15)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 19)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Greg KH (Feb 19)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Julien Tinnes (Feb 19)
- Re: Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871) Solar Designer (Feb 16)