List: owl-users
Subject: Re: [owl-users] Owl kernel update
From: Solar Designer <solar () openwall ! com>
Date: 2020-05-20 15:35:27
Message-ID: 20200520153527.GA19167 () openwall ! com
On Tue, May 19, 2020 at 10:17:42PM +0200, Solar Designer wrote:
> 2020/05/19 Package: kernel
> SECURITY FIX Severity: high, local, active
> Merged the most relevant fixes from RHEL5's -436, including for the
> following local vulnerabilities: use-after-free in sys_mq_notify()
> allowing for a local root compromise and container escape by any user
> (CVE-2017-11176), divide-by-zero in __tcp_select_window() allowing for a
> local DoS (CVE-2017-14106), use-after-free in ALSA allowing for a local
> root compromise by a host user in group "audio" if the vulnerable kernel
> module is loaded (CVE-2017-15265). Also fixed is an inconsistency in
> modify_ldt(2)'s memory (de)allocation, which got introduced along with
> KPTI in our update to -431 and is known as Red Hat's "bug 1584622" and
> might have had local security impact.
> References:
> https://access.redhat.com/errata/RHSA-2018:3822
> https://access.redhat.com/errata/RHSA-2018:2172
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11176
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14106
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
> https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
>
> I'll likely get this into 3.1-stable soon as well.

This is now also in 3.1-stable.

Alexander