Date: Mon, 25 Mar 2013 12:15:38 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Cc: Mathias Krause <minipli@...glemail.com>
Subject: Re: Linux kernel: net - three info leaks in rtnl

Hi,

> On 03/19/2013 03:15 PM, Mathias Krause wrote:
> > I fixed a few more info leaks in linux v3.9-rc3. Unprivileged
> > users can use the netlink interface to exploit the following issues
> > to disclose kernel stack memory:
> >
> > 29cd8ae dcbnl: fix various netlink info leaks
> > http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0
> >
> > 84d73cd rtnl: fix info leak on RTM_GETLINK request for VF devices
> > http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372
> >
> > c085c49 bridge: fix mdb info leaks
> > http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc
> >
> > David Miller did backports for the above issues which are
> > currently under review and should end up in the next stable and
> > longterm kernels.
> >
> > Regards,
> > Mathias
>
> CVE Merge - same researcher/vuln/version. Please use CVE-2013-1873 for
> these issues.

These appeared in the CVE updates under different IDs now:

29cd8ae: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
84d73cd: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
c085c49: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636

Which shall we use?

Cheers,
Moritz