Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#40232 - [linux] CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Monday, 05 May 2014, 23:53 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 12 May 2014, 19:53 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Thomas B├Ąchler (brain0)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No
This task depends upon

Closed by  Tobias Powalowski (tpowa)
Monday, 12 May 2014, 19:53 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.14.3-2
Comment by Daniel Micay (thestinger) - Wednesday, 07 May 2014, 21:23 GMT
This is still present in 3.14.3-1 since a fix wasn't committed upstream yet (it's in linux-next). There's a proof of concept causing a crash, but it's almost certainly exploitable too:
Comment by Christian Hesse (eworm) - Monday, 12 May 2014, 11:35 GMT
Prepared a patch against current files in abs.