Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 May 2016 19:05:54 +0800
From: Baozeng Ding <sploving1@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Cc: g.nault@...halink.fr
Subject: Re: CVE Requests: Linux: use-after-free issue for ppp channel

It was introduced by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=273ec51dd7ceaa76e038875d85061ec856d8905e
Fixed in linux-stable 4.5.4 and longterm 3.2.80, 3.12.59, 3.14.69, 
3.16.35, 4.4.10.

On 2016/5/11 23:37, Baozeng Ding wrote:
> Hi all,
>    The ppp channel did not take reference on its network namespace 
> when it was registered and unregistered, which causes a use-after-free 
> issue. Details:
> https://lkml.org/lkml/2016/3/17/569
> Fixed via:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 
>
>
> Could you please assign a CVE for this issue? Thanks.
>
> Best Regards,
> Baozeng

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ