Date: Fri,  3 Jun 2016 11:11:58 -0400 (EDT)
From: cve-assign@...re.org
To: kangjielu@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, taesoo@...ech.edu, csong84@...ech.edu
Subject: Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy

> There was an infoleak vulnerability in function
> rds_inc_info_copy of file net/rds/recv.c.
> The last field "flags" of object "minfo" is not initialized.
> Copying this object out may leak kernel stack data.
> Assign 0 to it to avoid leak.
> 
> https://patchwork.ozlabs.org/patch/629110/
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb

Use CVE-2016-5244.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
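
The pattern in the quoted report, as an added userspace C model (not the kernel code or the referenced patch): an object with every field but the last assigned is copied out whole, beside the variant that assigns 0 to `flags`. The struct layout, the `STALE` marker and all function names are assumptions made for this example; only the field name `flags` and the object name `minfo` come from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model record; only "flags" is named on the page, the rest is assumed. */
struct minfo_model {
    uint64_t seq;
    uint32_t len;
    uint8_t  flags;                 /* last field, left unset before the fix */
} __attribute__((packed));          /* packed: no padding bytes to consider */

#define STALE 0xA5                  /* constructed stand-in for old stack bytes */
typedef void (*fill_fn)(struct minfo_model *, uint64_t, uint32_t);

/* Before the fix: every field except flags is assigned. */
static void fill_unfixed(struct minfo_model *m, uint64_t seq, uint32_t len) {
    m->seq = seq;
    m->len = len;
}

/* After the fix: flags is assigned 0, as the report describes. */
static void fill_fixed(struct minfo_model *m, uint64_t seq, uint32_t len) {
    m->seq = seq;
    m->len = len;
    m->flags = 0;
}

/* Pre-load the object with STALE bytes (simulating a reused stack slot),
 * fill it, copy it out whole, and count STALE bytes that reach the output. */
static size_t stale_bytes_copied_out(fill_fn fill) {
    struct minfo_model minfo;
    unsigned char out[sizeof(minfo)];
    size_t i, leaked = 0;

    memset(&minfo, STALE, sizeof(minfo));
    fill(&minfo, 1, 16);                 /* sample values contain no 0xA5 byte */
    memcpy(out, &minfo, sizeof(minfo));  /* stands in for the copy to userspace */
    for (i = 0; i < sizeof(out); i++)
        leaked += (out[i] == STALE);
    return leaked;
}

int main(void) {
    printf("unfixed: %zu stale byte(s) copied out\n", stale_bytes_copied_out(fill_unfixed));
    printf("fixed:   %zu stale byte(s) copied out\n", stale_bytes_copied_out(fill_fixed));
}
```

In a struct that is not packed, compiler-inserted padding is copied out the same way, so zeroing the whole object before filling it covers both cases.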
