Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Jul 2014 03:46:14 -0400 (EDT)
From: cve-assign@...re.org
To: matthieu.herrb@...s.fr
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: X.Org intel driver dev snapshots, backlight helper issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://lists.x.org/archives/xorg-commit/2014-July/036840.html

> xf86_video_intel_backlight_helper will be installed setuid

> (only beta versions have it)

Use CVE-2014-4910 for the

    - don't allow '/' in the interface name to avoid escaping the /sys
      hierarchy

issue.

At present, there is no CVE ID for the

    - check snprintf() return value for overflow.

issue. We are not sure whether this has any impact beyond triggering
an attempt to use an unintended filename under /sys/class/backlight/.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTv5WIAAoJEKllVAevmvms4YUH/3LASmq6IpPVfcmHgFwVliaF
V3IAD2OrD5G+7YjkC0qCFAoazleHJfTJziP8Qkz1OpZe9GIKhCLhyEyicwwIzgpQ
pcETqlPBuV4xPD3l0aSJLuYQC36sAWCACS+GIPZm26ZozWs7z2WTDzDcP9eyzFe1
mvOuRo28leuR+3qhyoNotjxgB+JbMr8jw8stx2qgbeIdJ9Dw+X2sfq9QG5UAF4ZM
Ob5NeBHfynXT1LpL0ZM1kYdY6BzJGdhcsKtNyMPkf/6RmmfKDLxgHXUHd6y6gtr1
GjpQn1gcKjAhCr+3e57aHsTZa8oUxDSAW0FKeHMJeOPZx5omg4Yg6CZvGA3xOYw=
=IXgK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ