oss-sec mailing list archives

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)


From: Solar Designer <solar () openwall com>
Date: Fri, 31 Jan 2014 21:36:10 +0400

On Fri, Jan 31, 2014 at 04:11:16AM +0400, Solar Designer wrote:
> [...] I guess the newer patch (from the
> second forwarded message above) is preferable (the one I expect to see
> committed soon).

Here's the commit:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=2def2ef2ae5f3990aabdbe8a755911902707d268

It appears, from the linux-distros discussion, that a couple of distros
are going to release emergency security updates for this.  If they did
not express interest in an extra day of embargo, the issue would likely
be made public on the first day (not on the second).

Ubuntu advisories and updates:

http://www.ubuntu.com/usn/usn-2096-1/
http://www.ubuntu.com/usn/usn-2095-1/
http://www.ubuntu.com/usn/usn-2094-1/

Even though the issue was easy to patch, I nevertheless find this
impressively quick for a major distro like Ubuntu, and this probably
justifies the extra day of embargo.

Alexander

