Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 29 Mar 2017 16:57:49 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: "security@...ntu.com" <security@...ntu.com>
Subject: Re: information about pwn2own Kernel problem

This issue is no longer embargoed and I've just sent some details to
this list:

  http://openwall.com/lists/oss-security/2017/03/29/2

The upstream kernel was affected and fixes have been committed.

Tyler

On 03/22/2017 05:19 PM, Dave Null wrote:
> I was wondering this myself. I'm not sure if ZDI does any variant
> investigation when they pick up a bug. Really hoping this doesn't jump from
> a distro related problem to a Linux problem.
> 
> -noid
> 
> Crypto: https://keybase.io/noid
> None are more hopelessly enslaved than those who falsely believe they are
> free - Goethe
> --
> 
> On Wed, Mar 22, 2017 at 1:54 PM, Luedtke, Nicholas (HPE Linux Security) <
> nicholas.luedtke@....com> wrote:
> 
>>
>> On 3/22/2017 2:21 PM, Tyler Hicks wrote:
>>> ZDI disclosed the information to the Ubuntu Security team a little less
>>> than 48 hours ago.
>>>
>>> The Ubuntu Kernel team has triaged the issue and came up with a
>>> potential fix. That fix is undergoing internal review and I'll be
>>> disseminating it via the usual channels once that is complete.
>>>
>>> Tyler
>> Is this an Ubuntu specific issue? Or does it affect the upstream kernels
>> as well?
>>
>>
>> --
>> Nicholas Luedtke
>> HPE Linux Security, Hewlett-Packard Enterprise
>>
>>
>>
>>
> 




[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ