Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090907050608.GA30290@1wt.eu>
Date: Mon, 7 Sep 2009 07:06:08 +0200
From: Willy Tarreau <w@....eu>
To: Eugene Teo <eugeneteo@...nel.sg>
Cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: tc: uninitialised kernel memory leak

On Mon, Sep 07, 2009 at 11:32:29AM +0800, Eugene Teo wrote:
> Solar Designer wrote:
> >On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote:
> >>Three bytes of uninitialised kernel memory are currently leaked to user.
> >>
> >>http://patchwork.ozlabs.org/patch/32830/
> >>https://bugzilla.redhat.com/show_bug.cgi?id=520990
> >
> >2.4 kernels appear to be affected as well, and moreover they appear to
> >require at least some of these older fixes as well:
> >
> >http://marc.info/?l=git-commits-head&m=112002138324380
> 
> This is commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8.
> 
> And linux-2.4.37.y needs the following two patches too:
> 
> [NETLINK]: Clear padding in netlink messages
> b3563c4fbff906991a1b4ef4609f99cca2a0de6a
> 
> [NETLINK]: Missing padding fields in dumped structures
> 8a47077a0b5aa2649751c46e7a27884e6686ccbf

Thanks Eugene, that's very kind. I have merged all 4 patches and
pushed them to the master repo. I'm not releasing right now because
those vulns are minor and I still have other issues to fix.

Regards,
Willy

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.