Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 7 Jan 2015 00:42:51 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request Linux kernel: isofs: unchecked printing of ER records

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

     Hello,

Linux kernel built with the iso9660 file system(CONFIG_ISO9660_FS) support is 
vulnerable to an information leakage flaw. This could occur while accessing 
data on an iso9660 image with RockRidge extension reference(ER) records.

An unprivileged user/process could use this flaw to leak (=~255)kernel memory 
bytes.

Upstream fix:
- -------------
   -> https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUrDOzAAoJEN0TPTL+WwQf2PcQALxIhn9tVXU6kvjlVA+joBmn
7gNDMY/ij02bhf0pNxkoCYSi17Jif7VhUf5ODVGWsi2CzTVIiKh8lSv8ajWbIUV4
X1Pzz5DSXROPunB2ZV+rjdbiIgFthEqsgegSL0OjHtS1lSsJMHnPWkRQYVibCLdd
WdcvbFqqmFmN8yItLDBr+gfgZ1ZNA8guMamiQwZIgVt8NIIGtFss7ggIVRyyWbmb
nwk26DITdd1jX/2nwlHdzqN07GZhaaiwDkHuLiIW1py9fnJ6WiCgL/EEOX113K0O
ArzguZkbIsdiKQdyOcjJvU6wIcavZpWXi0ZEuM4jIpcu5ZxtV0c1/PbZAoSCqXR3
qO4X8H0hifWCFq9Vo5eDs/UCV1EWv9jj3b4q4CDtshyPmsWONMAbiZ0oDbnghF6r
a6N8fw4cv+CYKocsavqVqzM+njkLUM0bKT/heAc3Cu94/pRkh3zTEEslm0YI0uh3
rFjJvB+VCu+Y/exDfEI4tV8A/ics5lBbwfmh1Q5UU+S29G5iWnxx6KZ+o2NJnPlZ
Agf7+07fNuCuhgE4VCqJOWeF83rEZTZgJRmUYFVGqyAai+GHbmuK3XPF9Q0fy3M4
IdJ85P7JC4gOQFvvpnLAnZ4jxW5UBGg7T25Ft6H4Yqss6pqmLjejjJIL9Um46Xnc
ySRJm0OG1qiy6c/+EyTk
=N9Pd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.