oss-sec mailing list archives
CVE Request: Earlier AF_KEY in key_notify_policy_flush
From: Marcus Meissner <meissner () suse de>
Date: Wed, 3 Jul 2013 11:02:13 +0200
Hi,
Michal Hocko identified an earlier patch for an AF_KEY information leak,
in nearly the same place as CVE-2013-2234.
Due to different time of fix and different researcher probably
needs a new CVE.
Ciao, Marcus
commit 85dfb745ee40232876663ae206cba35f24ab2a40
Author: Nicolas Dichtel <nicolas.dichtel () 6wind com>
Date: Mon Feb 18 16:24:20 2013 +0100
af_key: initialize satype in key_notify_policy_flush()
This field was left uninitialized. Some user daemons perform check against this
field.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel () 6wind com>
Signed-off-by: Steffen Klassert <steffen.klassert () secunet com>
Current thread:
- CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)