We (the -stable team) are announcing the release of the 2.6.23.16
kernel.

It fixes one thing, CVE-2008-0600.

All users of the 2.6.23 series, with untrusted local users are strongly
encouraged to upgrade.

I'll also be replying to this message with a copy of the patch between
2.6.23.15 and 2.6.23.16

The updated 2.6.23.y git tree can be found at:
        git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.23.y.git
and can be browsed at the normal kernel.org git web browser:
        http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.23.y.git;a=summary

thanks,

greg k-h

--------

 Makefile    |    2 +-
 fs/splice.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Summary of changes from v2.6.23.15 to v2.6.23.16
================================================

Bastian Blank (1):
      splice: fix user pointer access in get_iovec_page_array()

Greg Kroah-Hartman (1):
      Linux 2.6.23.16

--

[ message continues ]

diff --git a/Makefile b/Makefile
index 8920cb8..3a932c7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 23
-EXTRAVERSION = .15
+EXTRAVERSION = .16
 NAME = Arr Matey! A Hairy Bilge Rat!
 
 # *DOCUMENTATION*
diff --git a/fs/splice.c b/fs/splice.c
index 2aa8f5a..1a9c0e6 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1289,7 +1289,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
 		if (unlikely(!len))
 			break;
 		error = -EFAULT;
-		if (unlikely(!base))
+		if (!access_ok(VERIFY_READ, base, len))
 			break;
 
 		/*
--

[ message continues ]