Date: Wed, 3 Jul 2013 11:02:13 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: Earlier AF_KEY in key_notify_policy_flush Hi, Michal Hocko identified an earlier patch for an AF_KEY information leak, in nearly the same place as CVE-2013-2234. Due to different time of fix and different researcher probably needs a new CVE. Ciao, Marcus commit 85dfb745ee40232876663ae206cba35f24ab2a40 Author: Nicolas Dichtel <nicolas.dichtel@...nd.com> Date: Mon Feb 18 16:24:20 2013 +0100 af_key: initialize satype in key_notify_policy_flush() This field was left uninitialized. Some user daemons perform check against this field. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ