[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From: Mark H Weaver
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 23:31:38 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Leo Famulari <address@hidden> writes:

> This is a place to discuss the "stack crash" bugs as they apply to our
> packages.
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

I pushed commit 91c623aae0f10992aa46957b9072679534e4cd28 which adds a
kernel-side mitigation in the form of a larger stack guard gap (1 MiB)
to linux-libre-4.11, 4.9, and 4.4.

4.1 is still vulnerable.  So far I've been unable to find a backported
patch for that kernel.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]