Message-ID: <1493366954.102437.1295894087346.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 24 Jan 2011 13:34:47 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: Re: [PATCH] acpi: debugfs: fix buffer overflows,
 double free

----- Original Message -----
> On 01/23/2011 04:13 AM, Steven M. Christey wrote:
> >
> > On Fri, 21 Jan 2011, Eugene Teo wrote:
> >
> >> On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
> >>> File position is not controlled, it may lead to overwrites of arbitrary
> >>> kernel memory. Also the code may kfree() the same pointer multiple times.
> >>
> >> http://lkml.org/lkml/2011/1/20/348
> >> https://bugzilla.redhat.com/CVE-2011-0023
> >>
> >> Please use CVE-2011-0023 (this does not include the unresolved flaw
> >> described in the following paragraph below).
> >
> > There seem to be 2 types of issues described above - the uncontrolled
> > file position / memory overwrite, and a "double free". So there should
> > probably be 2 separate CVEs, not one. Am I missing something?
> 
> Sorry about it. Please see http://seclists.org/oss-sec/2011/q1/106.
> 

Eugene, does the "unresolved flaw" still need an ID? This thread now
confuses me.

Thanks.

-- 
    JB
