Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 15 May 2016 19:05:54 +0800
From: Baozeng Ding <sploving1@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Cc: g.nault@...halink.fr
Subject: Re: CVE Requests: Linux: use-after-free issue for ppp channel

It was introduced by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=273ec51dd7ceaa76e038875d85061ec856d8905e
Fixed in linux-stable 4.5.4 and longterm 3.2.80, 3.12.59, 3.14.69, 
3.16.35, 4.4.10.

On 2016/5/11 23:37, Baozeng Ding wrote:
> Hi all,
>    The ppp channel did not take reference on its network namespace 
> when it was registered and unregistered, which causes a use-after-free 
> issue. Details:
> https://lkml.org/lkml/2016/3/17/569
> Fixed via:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 
>
>
> Could you please assign a CVE for this issue? Thanks.
>
> Best Regards,
> Baozeng

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.