Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 03 Jul 2013 20:35:23 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/03/2013 10:35 AM, Marcus Meissner wrote:
> On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:
>> Hi,
>> 
>> Michal Hocko identified an earlier patch for an AF_KEY
>> information leak, in nearly the same place as CVE-2013-2234.
> 
> URL: 
> https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
>
> 
>> Due to different time of fix and different researcher probably 
>> needs a new CVE.

Yup CVE split.

>> 
>> Ciao, Marcus
>> 
>> commit 85dfb745ee40232876663ae206cba35f24ab2a40 Author: Nicolas
>> Dichtel <nicolas.dichtel@...nd.com> Date:   Mon Feb 18 16:24:20
>> 2013 +0100
>> 
>> af_key: initialize satype in key_notify_policy_flush()
>> 
>> This field was left uninitialized. Some user daemons perform
>> check against this field.
>> 
>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> 
>> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
>> 

Please use CVE-2013-2237 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR1N9rAAoJEBYNRVNeJnmTjC4P/0W86bcbkrENj7qTJMAhfkoD
yRHlIVOgQUBDcoz5uvtwXJzyS3LYUtv0MrpRw2hpTzGmVp+fBuESK7SSq/xC7ddj
S91U3CglCWvuvqPK2+z4ovvR/VuZ/ed1AESgVsfAdwor/qyTj2w16+pJPNkF7Iw1
3HnqNiBwCGw85h2mpWTN2L0TZJ+BUQliz2YG/GDdI1h/8TG1FI/DXqfdrzamNtaw
8U+gcvSISXRtRkIY4Hifg4KS4X9dYlA0IK+aBQ5Ur2pyxc/goCzTsejKOxgThpha
K428FuFIOA10gBEGSl5h4dplZxDbw0lhfE7H/prWHG15pxxuzbw5ug2Jaq11FLv5
aniTIqW9T2EDTcCaHFB4szYbXWBMsaGYUbx+qpUCtLXT9LcVjwmvobmbgng3L7LB
h2cKiktMAQQDOYo7ZkGcX23pu8Eor2gLjZ8MnBedH5DZYWzd3aMOl+89Cvsv7rz1
guQYjk2yPi8xjl0WrBJQ2w9mcJLbOPDJrURoCMilp3OG+XggHxK0ksxSnZSvZ9LG
7YFtP47QNidRlgLd3tf5S56d65tUiF7qM254oOmXIh5pDq2yPQ6BdqDu6wKi0Mux
4oabaJCGs1E2dLjZnzFHDxBG9MabV2NDAt2qGxG6diVIZz2eVUShfHLPgQpbgfdJ
5La/nOo9QQwxdnnU8d6g
=oB3q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ