Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 05 Jul 2014 20:37:42 -0400
From: Marc Deslauriers <>
Subject: Re: CVE-2014-4699: Linux ptrace bug

On 14-07-05 05:22 PM, Yves-Alexis Perez wrote:
> On sam., 2014-07-05 at 22:25 +0400, Solar Designer wrote:
>> Here are some distro vendor status pages on this bug:
>> "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
>> Ubuntu has just sent out 7 update announcements (for different of
>> their
>> supported distros/kernels), USN-2266-1 through USN-2272-1.
>> "ptrace,x86: force IRET path after a ptrace_stop()"
>> "CVE-2014-4699 Kernel: x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX"
> Hmhm, what are the reasons why the mainline (and opensuse) fix
> (b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a) is to force using IRET
> instead of SYSRET, while distros like Ubuntu and Redhat seem to “only”
> make sure RIP is canonical?
> Regards,

AFAIK, our plan is to switch to the upstream fix for the next kernel updates.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ