Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older

All of lore.kernel.org
 help / color / mirror / Atom feed

* Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
@ 2018-05-18 13:47 Guenter Roeck
  2018-05-18 14:52 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Guenter Roeck @ 2018-05-18 13:47 UTC (permalink / raw)
  To: Greg Kroah-Hartman, stable

Hi Greg,

please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
to v4.9.y and older to fix CVE-2018-10087.

Thanks,
Guenter

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
  2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck
@ 2018-05-18 14:52 ` Greg Kroah-Hartman
  2018-05-18 16:00   ` Guenter Roeck
  0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-18 14:52 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: stable

On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> Hi Greg,
> 
> please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> to v4.9.y and older to fix CVE-2018-10087.

Odd no one asked for that one to be backported before :(

Anyway, now applied, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
  2018-05-18 14:52 ` Greg Kroah-Hartman
@ 2018-05-18 16:00   ` Guenter Roeck
  2018-05-19  7:44     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Guenter Roeck @ 2018-05-18 16:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: stable

On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > Hi Greg,
> > 
> > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> > to v4.9.y and older to fix CVE-2018-10087.
> 
> Odd no one asked for that one to be backported before :(
> 

Not entirely surprising. The patch is from July 2017, it wasn't marked
for stable, and the CVE has been created only recently (04/13/2018).
CVE severity and the reference to the upstream commit were added
yesterday, which caused our CVE tracker to barf at me.

Guenter

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
  2018-05-18 16:00   ` Guenter Roeck
@ 2018-05-19  7:44     ` Greg Kroah-Hartman
  2018-05-19 14:09       ` Guenter Roeck
  0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-19  7:44 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: stable

On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
> On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> > On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > > Hi Greg,
> > > 
> > > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> > > to v4.9.y and older to fix CVE-2018-10087.
> > 
> > Odd no one asked for that one to be backported before :(
> > 
> 
> Not entirely surprising. The patch is from July 2017, it wasn't marked
> for stable, and the CVE has been created only recently (04/13/2018).
> CVE severity and the reference to the upstream commit were added
> yesterday, which caused our CVE tracker to barf at me.

Who applied for the CVE number?  They should have been the ones to
notify people of the issue, so who should I go kick about this?  :)

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
  2018-05-19  7:44     ` Greg Kroah-Hartman
@ 2018-05-19 14:09       ` Guenter Roeck
  0 siblings, 0 replies; 5+ messages in thread
From: Guenter Roeck @ 2018-05-19 14:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: stable

On 05/19/2018 12:44 AM, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
>> On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
>>> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
>>>> Hi Greg,
>>>>
>>>> please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
>>>> to v4.9.y and older to fix CVE-2018-10087.
>>>
>>> Odd no one asked for that one to be backported before :(
>>>
>>
>> Not entirely surprising. The patch is from July 2017, it wasn't marked
>> for stable, and the CVE has been created only recently (04/13/2018).
>> CVE severity and the reference to the upstream commit were added
>> yesterday, which caused our CVE tracker to barf at me.
> 
> Who applied for the CVE number?  They should have been the ones to
> notify people of the issue, so who should I go kick about this?  :)
> 

No idea, and no idea how to find out.

Guenter

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2018-05-19 14:09 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck
2018-05-18 14:52 ` Greg Kroah-Hartman
2018-05-18 16:00   ` Guenter Roeck
2018-05-19  7:44     ` Greg Kroah-Hartman
2018-05-19 14:09       ` Guenter Roeck

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.