Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Aug 2015 15:52:17 +0200
From: Jan Kara <jack@...e.cz>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-5706: kernel: Use-after-free in path lookup

Hello,

when looking into a fix for above CVE (commit f15133df088 in Linux kernel
git tree) I found out that the commit description is wrong and the problem
wasn't introduced by commit 60545d0d4610 in 3.11 but only by commit
5e53084d7734 "path_init(): store the "base" pointer to file in nameidata
itself" in 3.19. So the fix doesn't have to backported all the way back to
3.11.

For detailed analysis feel free to see:
https://bugzilla.suse.com/show_bug.cgi?id=940339

								Honza

-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ