Re: [Ksummit-2013-discuss] Topic Proposal: Handling Security Issues in the kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2013-08-17 at 19:13 +0300, Dan Carpenter wrote:
> On Thu, Aug 15, 2013 at 09:30:40PM +1000, James Morris wrote:
> > How well is our process working for security triage?  Have we had 
> > maintainers miss security implications of bugfixes they've applied?
> 
> I went through some of my patches to see if there are any which
> possibly could have been applied to 3.4.58 but aren't.
> 
> e9a4aa3ba3 NFC: llcp: integer underflow in nfc_llcp_set_remote_gb()
> cb4b102f0a tipc: add a bounds check in link_recv_changeover_msg()
> f674e72ff1 net/key/af_key.c: add range checks on ->sadb_x_policy_len

David, please consider these for stable.

> bd5fe738e3 ALSA: ak4xx-adda: info leak in ak4xxx_capture_source_info()
> 0439f31c35 NFSv4.1: integer overflow in decode_cb_sequence_args()
>
> I think it's mostly DoS bugs.  The ALSA one is a pretty bad info
> leak but I don't think the hardware is very common.  And, of course,
> if your NFS admins are malicious, then you have worse things to
> worry about.
[...]

Oh well, I've queued up those last two for 3.2 anyway (plus the
prerequisite commit adding kmalloc_array()).

Ben.

-- 
Ben Hutchings
If God had intended Man to program,
we'd have been born with serial I/O ports.

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]