[kernel-sec-discuss] r3932 - active
Ben Hutchings
benh at moszumanska.debian.org
Tue Sep 22 21:17:16 UTC 2015
Author: benh
Date: 2015-09-22 21:17:15 +0000 (Tue, 22 Sep 2015)
New Revision: 3932
Added:
active/CVE-2015-7312
Log:
Add CVE-2015-7312, aufs mmap issue
Added: active/CVE-2015-7312
===================================================================
--- active/CVE-2015-7312 (rev 0)
+++ active/CVE-2015-7312 2015-09-22 21:17:15 UTC (rev 3932)
@@ -0,0 +1,14 @@
+Description: Use-after-free bugs introduced by aufs mmap patch
+References:
+ http://sourceforge.net/p/aufs/mailman/aufs-users/thread/e5b3205e4688d8a53e217d928020f1cd%40biscuit.intersec.com/
+ http://www.openwall.com/lists/oss-security/2015/09/10/3
+Notes:
+Bugs: #796036
+upstream: N/A "vulnerable code not present"
+3.16-upstream-stable: N/A "vulnerable code not present"
+3.2-upstream-stable: N/A "vulnerable code not present"
+2.6.32-upstream-stable: N/A "vulnerable code not present"
+sid: pending (4.2.1-1) [features/all/aufs4/aufs4-mmap.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [features/all/aufs3/aufs3-mmap-fix-races.patch]
+3.2-wheezy-security: N/A "vulnerable code not present"
+2.6.32-squeeze-security: N/A "vulnerable code not present"
More information about the kernel-sec-discuss
mailing list