From: | Mark H Weaver |
Subject: | bug#27429: Stack clash (CVE-2017-1000366 etc) |
Date: | Mon, 19 Jun 2017 23:31:38 -0400 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Leo Famulari <address@hidden> writes:

> This is a place to discuss the "stack crash" bugs as they apply to our
> packages.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

I pushed commit 91c623aae0f10992aa46957b9072679534e4cd28 which adds a
kernel-side mitigation in the form of a larger stack guard gap (1 MiB)
to linux-libre-4.11, 4.9, and 4.4.

4.1 is still vulnerable. So far I've been unable to find a backported
patch for that kernel.

Mark