Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 27 Nov 2015 15:12:18 +0100
From: Adam Maris <amaris@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-5327 kernel: User triggerable out-of-bounds read

An out-of-bounds memory read was found, affecting kernels from 4.3-rc1 onwards.
This vulnerability was caused by incorrect X.509 time validation in x509_decode_time() function in x509_cert_parser.c.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206

-- 
Adam Maris / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ