kernel-packages team mailing list archive

Thread
Date

[Bug 1421864] Re: CVE-2015-1593 Linux ASLR integer overflow

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Tue, 17 Feb 2015 22:38:21 -0000
Reply-to: Bug 1421864 <1421864@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

- someone on irc was raging why ubuntu didnt already fix this issue:
- http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
- 
- so i found out there was just given a cve for that http://seclists.org
- /oss-sec/2015/q1/550 CVE-2015-1593
- 
- the patch is included in the description of this overflow:
- http://hmarco.org/bugs/patches/fix_randomize_stack_top_properly_linux_3-17.1.patch
- 
- i didnt test the patch, but i would like that to be fixed :)
+ Linux ASLR integer overflow

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1421864

Title:
  CVE-2015-1593 Linux ASLR integer overflow

Status in linux package in Ubuntu:
  Confirmed
Status in linux-armadaxp package in Ubuntu:
  New
Status in linux-ec2 package in Ubuntu:
  New
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  New
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  New
Status in linux-lts-raring package in Ubuntu:
  New
Status in linux-lts-saucy package in Ubuntu:
  New
Status in linux-lts-trusty package in Ubuntu:
  New
Status in linux-lts-utopic package in Ubuntu:
  New
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  New
Status in linux-ti-omap4 package in Ubuntu:
  New

Bug description:
  Linux ASLR integer overflow

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1421864/+subscriptions