Date: Fri, 10 Jun 2016 14:46:23 -0700
From: John Johansen <john.johansen@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Jann Horn <jannh@...gle.com>, Tyler Hicks <tyhicks@...onical.com>,
 "security@...nel.org" <security@...nel.org>
Subject: [vs-plain] Linux kernel stack overflow via ecryptfs and
 /proc/$pid/environ

This is a forward notification of a local priv escalation flaw from
security@...nel.org to the OSS security list. The CRD was for
2016-06-08 14:00:00 UTC. Patches attached to the email.

The flaw in eCryptfs was assigned CVE-2016-1583.

If backporting these patches to kernels pre 4.6 you may need to
cherry-pick patch 6a480a7842545ec520a91730209ec0bae41694c1


View attachment "2of3.patch" of type "text/plain" (2331 bytes)

Download attachment "crasher.tar" of type "application/x-tar" (10240 bytes)

View attachment "1of3.patch" of type "text/plain" (1908 bytes)

View attachment "3of3.patch" of type "text/x-patch" (1862 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
