Date: Mon, 7 Sep 2009 07:06:08 +0200
From: Willy Tarreau <w@....eu>
To: Eugene Teo <eugeneteo@...nel.sg>
Cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: tc: uninitialised kernel memory leak

On Mon, Sep 07, 2009 at 11:32:29AM +0800, Eugene Teo wrote:
> Solar Designer wrote:
> >On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote:
> >>Three bytes of uninitialised kernel memory are currently leaked to user.
> >>
> >>http://patchwork.ozlabs.org/patch/32830/
> >>https://bugzilla.redhat.com/show_bug.cgi?id=520990
> >
> >2.4 kernels appear to be affected as well, and moreover they appear to
> >require at least some of these older fixes as well:
> >
> >http://marc.info/?l=git-commits-head&m=112002138324380
> 
> This is commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8.
> 
> And linux-2.4.37.y needs the following two patches too:
> 
> [NETLINK]: Clear padding in netlink messages
> b3563c4fbff906991a1b4ef4609f99cca2a0de6a
> 
> [NETLINK]: Missing padding fields in dumped structures
> 8a47077a0b5aa2649751c46e7a27884e6686ccbf

Thanks Eugene, that's very kind. I have merged all 4 patches and
pushed them to the master repo. I'm not releasing right now because
those vulns are minor and I still have other issues to fix.

Regards,
Willy
