Date: Wed, 3 Jul 2013 18:35:33 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote: > Hi, > > Michal Hocko identified an earlier patch for an AF_KEY information leak, > in nearly the same place as CVE-2013-2234. URL: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40 > Due to different time of fix and different researcher probably > needs a new CVE. > > Ciao, Marcus > > commit 85dfb745ee40232876663ae206cba35f24ab2a40 > Author: Nicolas Dichtel <nicolas.dichtel@...nd.com> > Date: Mon Feb 18 16:24:20 2013 +0100 > > af_key: initialize satype in key_notify_policy_flush() > > This field was left uninitialized. Some user daemons perform check against this > field. > > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> > Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com> >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ