kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #104166
[Bug 1421864] Re: CVE-2015-1593 Linux ASLR integer overflow
** Information type changed from Private Security to Public Security
** Changed in: linux (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1421864
Title:
CVE-2015-1593 Linux ASLR integer overflow
Status in linux package in Ubuntu:
Confirmed
Bug description:
someone on irc was raging why ubuntu didnt already fix this issue:
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
so i found out there was just given a cve for that http://seclists.org
/oss-sec/2015/q1/550 CVE-2015-1593
the patch is included in the description of this overflow:
http://hmarco.org/bugs/patches/fix_randomize_stack_top_properly_linux_3-17.1.patch
i didnt test the patch, but i would like that to be fixed :)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1421864/+subscriptions