Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Mar 2013 22:15:30 +0100
From: Mathias Krause <minipli@...glemail.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: net - three info leaks in rtnl

I fixed a few more info leaks in linux v3.9-rc3. Unprivileged users
can use the netlink interface to exploit the following issues to
disclose kernel stack memory:

29cd8ae dcbnl: fix various netlink info leaks
http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0

84d73cd rtnl: fix info leak on RTM_GETLINK request for VF devices
http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372

c085c49 bridge: fix mdb info leaks
http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc

David Miller did backports for the above issues which are currently
under review and should end up in the next stable and longterm
kernels.

Regards,
Mathias

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ