Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Sep 2015 07:08:18 +0900
From: sfjro@...rs.sourceforge.net
To: Ben Hutchings <ben@...adent.org.uk>,
    oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch


sfjro@...rs.sourceforge.net:
> Ben Hutchings:
> > The aufs (Advanced Union Filesystem) project provides an optional patch
> > for the Linux kernel, called either aufs3-mmap.patch or
> 	:::
> > I posted a patch here that works for me:
> > http://sourceforge.net/p/aufs/mailman/message/34449209/
> >
> > Please assign a CVE ID to this.
>
> I know this is a bug but I don't have time to fix it or test your patch.
	:::
> I have no objection to assign a CVE ID, but I don't think it is fixed or
> at least I didn't confirmt yet.

Mainly to oss-security people,

FYI, I confirmed that Ben Hutchings' patch is correct and fixed the
problem. Actually I've released aufs officially after applying his patch.


J. R. Okajima

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ