Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <afZmueWiq1XOBvF2@gxis.de>
Date: Sat, 2 May 2026 23:03:53 +0200
From: Alexander Bochmann <ab@...ts.gxis.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Re: CVE-2026-31431: CopyFail: linux local
 privilege scalation

...on 2026-05-02 20:05:00, Eric Biggers wrote:

 > What it does break are a small set of userspace programs that made the
 > shortsighted decision to use AF_ALG, instead of simply following the
 > standard practice of using a userspace crypto library.

For some added fun - I noticed that Debian 13, for example, 
ships an openssl build with an AF_ALG engine, so uh, yeah, 
depending on how you use your userspace crypto library... 

No idea if that has any actual consumers anywhere out there 
today.

$ openssl version
OpenSSL 3.5.5 27 Jan 2026 (Library: OpenSSL 3.5.5 27 Jan 2026)
$ openssl engine afalg -c
(afalg) AFALG engine support
 [AES-128-CBC, AES-192-CBC, AES-256-CBC]

Alex.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.