Date: Wed, 20 May 2020 17:35:27 +0200
From: Solar Designer <>
Subject: Re: Owl kernel update

On Tue, May 19, 2020 at 10:17:42PM +0200, Solar Designer wrote:
> 2020/05/19      Package: kernel
> SECURITY FIX    Severity: high, local, active
> Merged the most relevant fixes from RHEL5's -436, including for the
> following local vulnerabilities: use-after-free in sys_mq_notify()
> allowing for a local root compromise and container escape by any user
> (CVE-2017-11176), divide-by-zero in __tcp_select_window() allowing for a
> local DoS (CVE-2017-14106), use-after-free in ALSA allowing for a local
> root compromise by a host user in group "audio" if the vulnerable kernel
> module is loaded (CVE-2017-15265).  Also fixed is an inconsistency in
> modify_ldt(2)'s memory (de)allocation, which got introduced along with
> KPTI in our update to -431 and is known as Red Hat's "bug 1584622" and
> might have had local security impact.
> References:
> I'll likely get this into 3.1-stable soon as well.

This is now also in 3.1-stable.

