Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Aug 2015 15:52:17 +0200
From: Jan Kara <jack@...e.cz>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-5706: kernel: Use-after-free in path lookup

Hello,

when looking into a fix for above CVE (commit f15133df088 in Linux kernel
git tree) I found out that the commit description is wrong and the problem
wasn't introduced by commit 60545d0d4610 in 3.11 but only by commit
5e53084d7734 "path_init(): store the "base" pointer to file in nameidata
itself" in 3.19. So the fix doesn't have to backported all the way back to
3.11.

For detailed analysis feel free to see:
https://bugzilla.suse.com/show_bug.cgi?id=940339

								Honza

-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.