Date: Mon, 17 Aug 2009 17:05:40 +0100 (BST) From: Mark J Cox <mjc@...hat.com> To: oss-security@...ts.openwall.com Subject: SELinux and mmap_min_addr behaviour (CVE-2009-2695) FYI given upstream discussions we gave CVE-2009-2695 to 'a system with SELinux enabled with the default targeted policy is more permissive for unconfined domains, allowing local users to map low memory areas even if mmap_min_addr protection is enabled. This could allow the exploitation of NULL pointer dereference flaws'. See also http://kbase.redhat.com/faq/docs/DOC-18042 Mark
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.