kernel-packages team mailing list archive

[Bug 1421864] Re: CVE-2015-1593 Linux ASLR integer overflow

 

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1421864

Title:
  CVE-2015-1593 Linux ASLR integer overflow

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Someone on IRC was raging about why Ubuntu didn't already fix this issue:
  http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

  So I found out there was just a CVE given for that:
  http://seclists.org/oss-sec/2015/q1/550 CVE-2015-1593

  The patch is included in the description of this overflow:
  http://hmarco.org/bugs/patches/fix_randomize_stack_top_properly_linux_3-17.1.patch

  I didn't test the patch, but I would like that to be fixed :)