[kernel-sec-discuss] r3346 - active
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon May 12 06:27:02 UTC 2014
Author: jmm
Date: 2014-05-12 06:27:02 +0000 (Mon, 12 May 2014)
New Revision: 3346
Added:
active/CVE-2014-3144
active/CVE-2014-3145
Log:
new filter issue(s)
Added: active/CVE-2014-3144
===================================================================
--- active/CVE-2014-3144 (rev 0)
+++ active/CVE-2014-3144 2014-05-12 06:27:02 UTC (rev 3346)
@@ -0,0 +1,11 @@
+Description: The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check for a minimal message length
+References:
+ http://www.openwall.com/lists/oss-security/2014/05/09/5
+Notes:
+Bugs:
+upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3]
+2.6.32-upstream-stable: needed
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
+3.2-upstream-stable: needed
Added: active/CVE-2014-3145
===================================================================
--- active/CVE-2014-3145 (rev 0)
+++ active/CVE-2014-3145 2014-05-12 06:27:02 UTC (rev 3346)
@@ -0,0 +1,11 @@
+Description: The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is also wrong. It has the minuend and subtrahend mixed up
+References:
+ http://www.openwall.com/lists/oss-security/2014/05/09/5
+Notes:
+Bugs:
+upstream: released (v3.15-rc2) [05ab8f2647e4221cbdb3856dd7d32bd5407316b3]
+2.6.32-upstream-stable: needed
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: needed
+3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list