oss-sec mailing list archives
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
From: Solar Designer <solar () openwall com>
Date: Fri, 31 Jan 2014 21:36:10 +0400
On Fri, Jan 31, 2014 at 04:11:16AM +0400, Solar Designer wrote:
[...] I guess the newer patch (from the second forwarded message above) is preferable (the one I expect to see committed soon).
Here's the commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=2def2ef2ae5f3990aabdbe8a755911902707d268
It appears, from the linux-distros discussion, that a couple of distros are going to release emergency security updates for this. If they did not express interest in an extra day of embargo, the issue would likely be made public on the first day (not on the second).
Ubuntu advisories and updates:
http://www.ubuntu.com/usn/usn-2096-1/
http://www.ubuntu.com/usn/usn-2095-1/
http://www.ubuntu.com/usn/usn-2094-1/
Even though the issue was easy to patch, I nevertheless find this impressively quick for a major distro like Ubuntu, and this probably justifies the extra day of embargo.
Alexander