Date: Fri, 13 Feb 2015 14:56:55 +0100 From: Hector Marco <hecmargi@....es> To: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE-Request -- Linux ASLR integer overflow Hi, It worth metion that the patch was already sent: https://lkml.org/lkml/2015/1/7/811 Hector Marco. http://hmarco.org El 13/02/15 a las 13:26, Hector Marco escribió: > Hi, > > A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has > been found. The issue is that the stack for processes is not properly > randomized on some 64 bit architectures due to an integer overflow. > > Affected systems have reduced the stack entropy of the processes by four. > > > Details at: > http://hmarco.org/bugs/linux-ASLR-integer-overflow.html > > > > Could you please assign a CVE-ID for this? > > > > Hector Marco. > http://hmarco.org > > Cyber-security researcher at > http://cybersecurity.upv.es/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ