Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jul 2013 11:02:13 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Earlier AF_KEY in key_notify_policy_flush

Hi,

Michal Hocko identified an earlier patch for an AF_KEY information leak,
in nearly the same place as CVE-2013-2234.

Due to different time of fix and different researcher probably
needs a new CVE.

Ciao, Marcus

commit 85dfb745ee40232876663ae206cba35f24ab2a40
Author: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Date:   Mon Feb 18 16:24:20 2013 +0100

    af_key: initialize satype in key_notify_policy_flush()
    
    This field was left uninitialized. Some user daemons perform check against this
    field.
    
    Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
    Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ