CVE-2017-1000364 Advisory

CVE-2017-1000364 Advisory

Stefan Bader-2

Hi,

We are investigating a possible regression for the recently released Ubuntu
kernel versions provided on Monday, June 19th for CVE-2017-1000364 [1]. The
regression experienced can be seen as an increased level of segmentation faults
on the patched machines. We believe other major Linux distributions are also
affected by this regression.

Users of Ubuntu should evaluate their scenario and decide if upgrading to
mitigate CVE-2017-1000364 is correct for their environment at this time.

We will keep you updated and let you know once we have identified a workaround
or resolution to this problem.

Regards,
The Canonical Kernel Team

[1] - https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000364.html


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team


Re: CVE-2017-1000364 Advisory

Joshua R. Poulson
We are definitely seeing customer applications affected by increased
stack size requirements, especially with jsvc. I am advising a minimum
setting of JSVC_EXTRA_OPTS to add "-Xss1280k"

Thanks, --jrp

On Thu, Jun 22, 2017 at 11:01 AM, Stefan Bader
<[hidden email]> wrote:

>
> Hi,
>
> We are investigating a possible regression for the recently released Ubuntu
> kernel versions provided on Monday, June 19th for CVE-2017-1000364 [1]. The
> regression experienced can be seen as an increased level of segmentation faults
> on the patched machines. We believe other major Linux distributions are also
> affected by this regression.
>
> Users of Ubuntu should evaluate their scenario and decide if upgrading to
> mitigate CVE-2017-1000364 is correct for their environment at this time.
>
> We will keep you updated and let you know once we have identified a workaround
> or resolution to this problem.
>
> Regards,
> The Canonical Kernel Team
>
> [1] - https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000364.html
>
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Re: CVE-2017-1000364 Advisory

Joshua R. Poulson
I don't see a bug in OpenJDK 8 or 9 for this yet, but I think one
important solution, increasing the default thread stack size for
jsvc (and the JVM) to 1280k, would help with what I'm seeing in the field.
Red Hat's advisory suggests 2m but indicates that is not a final
solution.

Thanks, --jrp

On Thu, Jun 22, 2017 at 7:47 PM, Joshua R. Poulson <[hidden email]> wrote:

> We are definitely seeing customer applications affected by increased
> stack size requirements, especially with jsvc. I am advising a minimum
> setting of JSVC_EXTRA_OPTS to add "-Xss1280k"
>
> Thanks, --jrp
>
> On Thu, Jun 22, 2017 at 11:01 AM, Stefan Bader
> <[hidden email]> wrote:
>>
>> Hi,
>>
>> We are investigating a possible regression for the recently released Ubuntu
>> kernel versions provided on Monday, June 19th for CVE-2017-1000364 [1]. The
>> regression experienced can be seen as an increased level of segmentation faults
>> on the patched machines. We believe other major Linux distributions are also
>> affected by this regression.
>>
>> Users of Ubuntu should evaluate their scenario and decide if upgrading to
>> mitigate CVE-2017-1000364 is correct for their environment at this time.
>>
>> We will keep you updated and let you know once we have identified a workaround
>> or resolution to this problem.
>>
>> Regards,
>> The Canonical Kernel Team
>>
>> [1] - https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000364.html
>>
>>
>> --
>> kernel-team mailing list
>> [hidden email]
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>>

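
The workaround discussed in the replies above, as an added example that is not code from the thread or from the jsvc or OpenJDK projects: a POSIX shell helper that makes sure an option string such as JSVC_EXTRA_OPTS carries a thread stack size of at least 1280k, raising a smaller `-Xss` and leaving a larger one (for instance 2m) alone. The function names `xss_to_kib` and `ensure_min_xss` and the sample option string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep -Xss in a JVM option string at or above a floor.

# Convert a JVM size (256k, 2m, 1g, or plain bytes) to KiB; return 1 if invalid.
xss_to_kib() {
    num=${1%[kKmMgG]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *[kK]) echo "$num" ;;
        *[mM]) echo $((num * 1024)) ;;
        *[gG]) echo $((num * 1024 * 1024)) ;;
        *)     echo $((num / 1024)) ;;
    esac
}

# ensure_min_xss OPTS [MIN]: print OPTS with any -Xss below MIN raised to MIN,
# or with -XssMIN appended when OPTS has none. MIN defaults to 1280k, the
# value advised in the thread. Runs in a subshell so "set -f" stays local.
ensure_min_xss() (
    set -f                      # split OPTS on whitespace without globbing
    min=${2:-1280k}
    min_kib=$(xss_to_kib "$min") || exit 2
    out='' seen=0
    for opt in $1; do
        case "$opt" in
            -Xss*)
                seen=1
                # An unparsable size counts as 0 so it gets replaced.
                cur_kib=$(xss_to_kib "${opt#-Xss}") || cur_kib=0
                if [ "$cur_kib" -lt "$min_kib" ]; then opt="-Xss$min"; fi
                ;;
        esac
        out="${out:+$out }$opt"
    done
    if [ "$seen" -eq 0 ]; then out="${out:+$out }-Xss$min"; fi
    printf '%s\n' "$out"
)

# Constructed sample value, not taken from the thread.
JSVC_EXTRA_OPTS="-Xmx512m -Xss256k"
JSVC_EXTRA_OPTS=$(ensure_min_xss "$JSVC_EXTRA_OPTS")
echo "JSVC_EXTRA_OPTS=$JSVC_EXTRA_OPTS"
```

Passing a second argument changes the floor, for example `ensure_min_xss "$JSVC_EXTRA_OPTS" 2m` for the value the thread attributes to Red Hat's advisory.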