Date: Mon, 24 Oct 2016 07:33:34 +0200 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com, owl-users@...ts.openwall.com Subject: [openwall-announce] Owl security fixes: Linux kernel "Dirty COW", BIND DoS Hi, Linux kernel and BIND security updates are now available in Owl-current and Owl 3.1-stable, documented as follows: 2016/10/23 Package: kernel SECURITY FIX Severity: high, local, active Added a mitigation for the "Dirty COW" Linux kernel privilege escalation vulnerability (CVE-2016-5195). References: http://www.openwall.com/lists/oss-security/2016/10/21/1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195 2016/10/17 - 2016/10/21 Package: bind SECURITY FIX Severity: low, remote, active Merged multiple DoS vulnerability fixes from Red Hat's package, most notably for two easily triggerable assertion failures (CVE-2016-2776, CVE-2016-2848). References: http://www.openwall.com/lists/oss-security/2016/09/27/8 https://kb.isc.org/article/AA-01419 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776 http://www.openwall.com/lists/oss-security/2016/10/20/7 https://kb.isc.org/article/AA-01433/74/CVE-2016-2848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848 These are currently available as source code changes and as pre-built packages (in both branches, and for both i686 and x86_64), however there are no updated ISOs and vztemplates yet. The "Dirty COW" mitigation is likely non-final and possibly incomplete (it addresses the MADV_DONTNEED vs. PTRACE_POKE* race, and possibly some other scenarios), pending a properly tested backport of the official fix (likely) by Red Hat, but given the urgency of the issue I felt it most appropriate to start by releasing a non-invasive mitigation like this. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.