lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <32616.1420664827@warthog.procyon.org.uk>
Date:	Wed, 07 Jan 2015 21:07:07 +0000
From:	David Howells <dhowells@...hat.com>
To:	torvalds@...ux-foundation.org
cc:	dhowells@...hat.com, jmorris@...ei.org, keyrings@...ux-nfs.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: [GIT PULL] Keyrings fixes, including one CVE fix

Hi Linus,

Could you these directly please?  James asked me to pass them directly on to
you.  There are two fixes:

 (1) Fix for the order in which things are done during key garbage
     collection to prevent named keyrings causing a crash [CVE-2014-9529].

 (2) Fix assoc_array to explicitly #include rcupdate.h to prevent compilation
     errors under certain circumstances.

David
---
The following changes since commit 693a30b8f19a964087a3762d09fb2e1cbad6b0d4:

  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml (2015-01-04 11:46:43 -0800)

are available in the git repository at:


  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150107

for you to fetch changes up to 990428b8ead311c68a850ead7ec8557a10b8893a:

  assoc_array: Include rcupdate.h for call_rcu() definition (2015-01-07 16:08:41 +0000)

----------------------------------------------------------------
(from the branch description for keys-fixes local branch)

Keyrings fixes
Keyrings fixes

----------------------------------------------------------------
Pranith Kumar (1):
      assoc_array: Include rcupdate.h for call_rcu() definition

Sasha Levin (1):
      KEYS: close race between key lookup and freeing

 lib/assoc_array.c  | 1 +
 security/keys/gc.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ