Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 25 Nov 2016 10:25:20 +1100
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem

Gday,

A flaw was found in the Linux kernel key management subsystem in which
a local attacker could crash the kernel (denial of service) or corrupt
the stack and additional memory by supplying a specially crafted RSA
key.  This flaw panics the machine during the verification of the RSA
key and seems to do a 1 byte corruption of the stack.

This vulnerably can be triggered by any unprivileged user with a local
shell account.

Upstream fix:

https://lkml.org/lkml/2016/11/23/477

Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1395187

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ