Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Dec 2015 02:09:43 +0900
From: Jihyeok Seo <limeburst@...ber.fsf.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Squashfs 4.2 Race Condition

A malformed Squashfs filesystem can cause a race condition in unsquashfs. Versions below 4.3 are affected.

This is caused by the decompress thread attempting to access a shared queue, resulting in a SIGSEGV.

    struct cache_entry *entry = queue_get(to_deflate);

I have attached a sample filesystem image illustrating this case.


[ CONTENT OF TYPE application/octet-stream SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ