Date: Thu, 31 Dec 2015 02:09:43 +0900 From: Jihyeok Seo <limeburst@...ber.fsf.org> To: oss-security@...ts.openwall.com Subject: CVE Request: Squashfs 4.2 Race Condition A malformed Squashfs filesystem can cause a race condition in unsquashfs. Versions below 4.3 are affected. This is caused by the decompress thread attempting to access a shared queue, resulting in a SIGSEGV. struct cache_entry *entry = queue_get(to_deflate); I have attached a sample filesystem image illustrating this case. [ CONTENT OF TYPE application/octet-stream SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ