Date: Thu, 27 Sep 2018 15:10:26 +0200 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Owl unaffected by CVE-2018-14634 integer overflow in Linux create_elf_tables() Hi, FWIW, our OpenVZ/RHEL5-based kernels on Owl are unaffected by CVE-2018-14634 integer overflow in Linux create_elf_tables(): https://www.openwall.com/lists/oss-security/2018/09/25/4 I lowered MAX_ARG_STRINGS and introduced an extra check into get_arg_pages() back when we migrated to those kernels in 2010 a few months before the Owl 3.0 release. Unfortunately, this hardening change is Owl-specific, and isn't in OpenVZ upstream. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.