Date: Fri, 03 Oct 2008 08:55:18 +0800 From: Eugene Teo <eteo@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2008-3833 kernel: remove SUID when splicing into an inode This was committed in upstream kernel. I am unable to find a reference to any discussion about this on LKML. Fixed by Mark Fasheh. "generic_file_splice_write() does not remove S_ISUID or S_ISGID. This is inconsistent with the way we generally write to files." Please use CVE-2008-3833 for this vulnerability. This has similar consequences as CVE-2008-4210. Upstream commit: 8c34e2d63231d4bf4852bac8521883944d770fe3 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=464450 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.