oss-sec mailing list archives
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Jul 2013 20:35:23 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/03/2013 10:35 AM, Marcus Meissner wrote:
On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:Hi, Michal Hocko identified an earlier patch for an AF_KEY information leak, in nearly the same place as CVE-2013-2234.URL: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40Due to different time of fix and different researcher probably needs a new CVE.
Yup CVE split.
Ciao, Marcus commit 85dfb745ee40232876663ae206cba35f24ab2a40 Author: Nicolas Dichtel <nicolas.dichtel () 6wind com> Date: Mon Feb 18 16:24:20 2013 +0100 af_key: initialize satype in key_notify_policy_flush() This field was left uninitialized. Some user daemons perform check against this field. Signed-off-by: Nicolas Dichtel <nicolas.dichtel () 6wind com> Signed-off-by: Steffen Klassert <steffen.klassert () secunet com>
Please use CVE-2013-2237 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR1N9rAAoJEBYNRVNeJnmTjC4P/0W86bcbkrENj7qTJMAhfkoD yRHlIVOgQUBDcoz5uvtwXJzyS3LYUtv0MrpRw2hpTzGmVp+fBuESK7SSq/xC7ddj S91U3CglCWvuvqPK2+z4ovvR/VuZ/ed1AESgVsfAdwor/qyTj2w16+pJPNkF7Iw1 3HnqNiBwCGw85h2mpWTN2L0TZJ+BUQliz2YG/GDdI1h/8TG1FI/DXqfdrzamNtaw 8U+gcvSISXRtRkIY4Hifg4KS4X9dYlA0IK+aBQ5Ur2pyxc/goCzTsejKOxgThpha K428FuFIOA10gBEGSl5h4dplZxDbw0lhfE7H/prWHG15pxxuzbw5ug2Jaq11FLv5 aniTIqW9T2EDTcCaHFB4szYbXWBMsaGYUbx+qpUCtLXT9LcVjwmvobmbgng3L7LB h2cKiktMAQQDOYo7ZkGcX23pu8Eor2gLjZ8MnBedH5DZYWzd3aMOl+89Cvsv7rz1 guQYjk2yPi8xjl0WrBJQ2w9mcJLbOPDJrURoCMilp3OG+XggHxK0ksxSnZSvZ9LG 7YFtP47QNidRlgLd3tf5S56d65tUiF7qM254oOmXIh5pDq2yPQ6BdqDu6wKi0Mux 4oabaJCGs1E2dLjZnzFHDxBG9MabV2NDAt2qGxG6diVIZz2eVUShfHLPgQpbgfdJ 5La/nOo9QQwxdnnU8d6g =oB3q -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)