Date: Fri, 10 Jun 2016 14:46:23 -0700
From: John Johansen <john.johansen@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Jann Horn <jannh@...gle.com>, Tyler Hicks <tyhicks@...onical.com>, "security@...nel.org" <security@...nel.org>
Subject: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ

This is a forward notification of a local priv escalation flaw from security@...nel.org to the OSS security list.

The CRD was for 2016-06-08 14:00:00 UTC.

Patches attached to the email.

The flaw in eCryptfs was assigned CVE-2016-1583.

If backporting these patches to kernels pre 4.6 you may need to cherry-pick patch 6a480a7842545ec520a91730209ec0bae41694c1

Attachment "2of3.patch" of type "text/plain" (2331 bytes)
Attachment "crasher.tar" of type "application/x-tar" (10240 bytes)
Attachment "1of3.patch" of type "text/plain" (1908 bytes)
Attachment "3of3.patch" of type "text/x-patch" (1862 bytes)
Attachment "signature.asc" of type "application/pgp-signature" (820 bytes)