[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Linux kernel < 4.8 local generic ASLR - another CVE-ID
From:       Solar Designer <solar () openwall ! com>
Date:       2019-05-22 19:41:21
Message-ID: 20190522194121.GA29301 () openwall ! com
[Download RAW message or body]

On Thu, Apr 18, 2019 at 09:40:54AM -0400, Vladis Dronov wrote:
> Just in another case - this flaw in a.out binaries has got the CVE-2019-11191:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191

Dongguangdong of Huawei PSIRT discovered and reported to linux-distros
on May 6 that this additionally affects flat binaries, binfmt_flat.c.

Since we're now past linux-distros' 14 days max embargo period and since
Dongguangdong failed to bring this in here on time, I felt I had to take
over and post the above now.

Personally, I find this a very minor detail, but I like (linux-)distros
policy to be adhered to without exceptions.

Alexander
[prev in list] [next in list] [prev in thread] [next in thread]