[kernel-sec-discuss] r5105 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Mar 23 19:16:50 UTC 2017
Author: carnil
Date: 2017-03-23 19:16:50 +0000 (Thu, 23 Mar 2017)
New Revision: 5105
Modified:
active/CVE-2017-2647
Log:
Add some clarification for CVE-2017-2647
Modified: active/CVE-2017-2647
===================================================================
--- active/CVE-2017-2647 2017-03-23 19:09:12 UTC (rev 5104)
+++ active/CVE-2017-2647 2017-03-23 19:16:50 UTC (rev 5105)
@@ -1,13 +1,15 @@
-Description: KEYS: Remove key_type::match in favour of overriding default by match_preparse
+Description: Null pointer dereference in search_keyring
References:
Notes:
- carnil> duplicate of CVE-2017-6951?
- carnil> clarifying with Red Hat team.
+ carnil> Same fix as for CVE-2017-6951. But CVE-2017-6951 is for a NULL
+ carnil> pointer dereference in th keyring_search_aux when type is "dead".
+ carnil> CVE-2017-2647 is for a null pointer dereference in
+ carnil> keyring_search_iterator
Bugs:
upstream: released (3.18-rc1) [c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81]
-4.9-upstream-stable:
-3.16-upstream-stable:
-3.2-upstream-stable:
+4.9-upstream-stable: N/A "Fixed before branch point"
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
sid: released (4.0.2-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
More information about the kernel-sec-discuss
mailing list