Date: Fri, 25 Nov 2016 10:25:20 +1100 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem Gday, A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel (denial of service) or corrupt the stack and additional memory by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key and seems to do a 1 byte corruption of the stack. This vulnerably can be triggered by any unprivileged user with a local shell account. Upstream fix: https://lkml.org/lkml/2016/11/23/477 Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1395187
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ