Date: Fri, 10 Jun 2016 14:46:23 -0700
From: John Johansen <john.johansen@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Jann Horn <jannh@...gle.com>, Tyler Hicks <tyhicks@...onical.com>,
 "security@...nel.org" <security@...nel.org>
Subject: [vs-plain] Linux kernel stack overflow via ecryptfs and
 /proc/$pid/environ

This is a forward notification of a local priv escalation flaw from
security@...nel.org to the OSS security list. The CRD was for
2016-06-08 14:00:00 UTC. Patches attached to the email.

The flaw in eCryptfs was assigned CVE-2016-1583.

If backporting these patches to kernels pre 4.6 you may need to
cherry-pick patch 6a480a7842545ec520a91730209ec0bae41694c1


View attachment "2of3.patch" of type "text/plain" (2331 bytes)

Download attachment "crasher.tar" of type "application/x-tar" (10240 bytes)

View attachment "1of3.patch" of type "text/plain" (1908 bytes)

View attachment "3of3.patch" of type "text/x-patch" (1862 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
