Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 27 Sep 2018 15:10:26 +0200
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Owl unaffected by CVE-2018-14634 integer overflow in Linux create_elf_tables()

Hi,

FWIW, our OpenVZ/RHEL5-based kernels on Owl are unaffected by
CVE-2018-14634 integer overflow in Linux create_elf_tables():

https://www.openwall.com/lists/oss-security/2018/09/25/4

I lowered MAX_ARG_STRINGS and introduced an extra check into
get_arg_pages() back when we migrated to those kernels in 2010 a few
months before the Owl 3.0 release.

Unfortunately, this hardening change is Owl-specific, and isn't in
OpenVZ upstream.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.