Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Jul 2008 18:05:20 +0200
From: Marcus Meissner <>
Subject: security fixes, please assign CVE id

> Stable kernel
> Posted Jul 3, 2008 15:34 UTC (Thu) by PaXTeam (subscriber, #24616) [Link] 
> ..and once again, users get the usual treatment of not actually being told why an upgrade is
> so strongly encouraged. it seems that in this episode of the -stable security fix coverup
> series (that's not to say that the corresponding vanilla commits got a better treatment), we
> got at least two fine examples of how such bugs should not fall victim of the kernel devs'
> full disclosure policy.
> as for the particular bugs:
> 1.
> adds several checks against NULL function pointers, which is an immediate 'get direct ring-0
> code execution' flag, unfortunately we don't learn whether this is actually possible or not,
> but one assumes the STRONGLY encouraged upgrade wasn't for nothing at least.

This is CVE-2008-2812.
> 2.
> is an even better one, it allows one to overflow the task struct refcount (a 32 bit atomic_t
> on the affected amd64) and cause its subsequent freeing with dangling references to it all
> over the place (including 'current' of the ptraced task itself). corresponding exploit avenues
> abound.

I don't know if this one has a CVE yet.

> Greg, instead of witchhunting on vendor-sec you guys should sit down and decide what you want
> for your disclosure policy for real. the next Kernel Summit would be a good opportunity i
> think.

[no comment]

Ciao, Marcus
Working, but not speaking, for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ