| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024110548-CVE-2024-50089-d96d@gregkh> Date: Tue, 5 Nov 2024 18:04:49 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-50089: unicode: Don't special case ignorable code points Description =========== In the Linux kernel, the following vulnerability has been resolved: unicode: Don't special case ignorable code points We don't need to handle them separately. Instead, just let them decompose/casefold to themselves. The Linux kernel CVE team has assigned CVE-2024-50089 to this issue. Affected and fixed versions =========================== Fixed in 5.10.227 with commit 39fffca57284 Fixed in 5.15.168 with commit 651b954cd8d5 Fixed in 6.1.113 with commit 21526498d25e Fixed in 6.6.57 with commit ac20736861f3 Fixed in 6.11.4 with commit 876d3577a5b3 Fixed in 6.12-rc3 with commit 5c26d2f1d3f5 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-50089 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/unicode/mkutf8data.c fs/unicode/utf8data.c_shipped Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/39fffca572844d733b137a0ff9eacd67b9b0c8e3 https://git.kernel.org/stable/c/651b954cd8d5b0a358ceb47c93876bb6201224e4 https://git.kernel.org/stable/c/21526498d25e54bda3c650f756493d63fd9131b7 https://git.kernel.org/stable/c/ac20736861f3c9c8e0a78273a4c57e9bcb0d8cc6 https://git.kernel.org/stable/c/876d3577a5b353e482d9228d45fa0d82bf1af53a https://git.kernel.org/stable/c/5c26d2f1d3f5e4be3e196526bead29ecb139cf91
Powered by blists - more mailing lists