Message-ID: <20140131173610.GA19423@openwall.com>
Date: Fri, 31 Jan 2014 21:36:10 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: PaX Team <pageexec@...email.hu>
Subject: Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)

On Fri, Jan 31, 2014 at 04:11:16AM +0400, Solar Designer wrote:
> [...] I guess the newer patch (from the
> second forwarded message above) is preferable (the one I expect to see
> committed soon).

Here's the commit:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=2def2ef2ae5f3990aabdbe8a755911902707d268

> It appears, from the linux-distros discussion, that a couple of distros
> are going to release emergency security updates for this.  If they did
> not express interest in an extra day of embargo, the issue would likely
> be made public on the first day (not on the second).

Ubuntu advisories and updates:

http://www.ubuntu.com/usn/usn-2096-1/
http://www.ubuntu.com/usn/usn-2095-1/
http://www.ubuntu.com/usn/usn-2094-1/

Even though the issue was easy to patch, I nevertheless find this
impressively quick for a major distro like Ubuntu, and this probably
justifies the extra day of embargo.

Alexander
