Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat,  9 Jul 2016 10:36:03 -0400 (EDT)
From: cve-assign@...re.org
To: john.johansen@...onical.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: apparmor: oops in apparmor_setprocattr()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://marc.info/?l=linux-kernel&m=146793642811929&w=2
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca

>> Note: it may be possible to get a local privilege escalation out of this 
>> bug.

>>> apparmor: fix oops, validate buffer size in apparmor_setprocattr()
    
>>> When proc_pid_attr_write() was changed to use memdup_user apparmor's
>>> (interface violating) assumption that the setprocattr buffer was always
>>> a single page was violated.

Use CVE-2016-6187.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXgQtrAAoJEHb/MwWLVhi2z0wQAIz473jwzdiwtT1tVaOHxuLj
5ptbSsvbr9tiMfiiyKzvxI3bDvXr/6GRI8bfxYq/m+tPA3C9N15pW/7CJqcNW5FH
W7aUiGHqikPMb+nEulObtl8Ib2xnkCmA3vB8WMARavvQzFjlZ2llx20cAOKtO07F
pBkhK1/RHiYVHI7eareqsB9KCrgibiiO58OhrYHtOJhcgGwOPE4Hr1jeg3je53dp
PQWXNOah9lQ9aUV2hXKArDRlEWehH4CTC8fM4Lr5v7Hw3tTa2LAQoOC/dPSdYiJJ
i5KwtXQlSjEbDElg7VBdspA5jntIGKq3XCC9pep0wHh8XtbPNOiJwKSs196nxny/
uS9ChoS4MFWgpNe2MY7wANAWlqNdcnicyQpiiYsyy/W3luumd3LaYayiITjzWPGM
wu29GhYRIcRhaJ3BBzdGKLITCpqrOdlHRkJONYgzfZyFTND7bbC0JkJ70x/JOPww
S16HjC3BEtH+H/3pnYLtZ+PnZ36vdP01Dbp3oRuICcloMSXm5d9eeMQX5JhUq2ms
xLrr0kxwo0fxYAS6C8lR7fAX/ueCY980AcPRWlMzZbeHxsfK+1CMN8Of233PTxx6
WpvN5iSg8OydurewOJKHUdrYERON/afF/FcfqN3vNDHM9oDHXMKlcp0s7APMZf7K
EBChJPlAsaURokHYcm0L
=roE2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.