| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jul 2016 00:10:32 +0100
From: David Howells <dhowells@...hat.com>
To: jmorris@...ei.org
Cc: dhowells@...hat.com, keyring@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: [PATCH 0/3] KEYS: Miscellaneous fixes
Hi James,
Here are three miscellaneous fixes:
(1) Fix a panic in some debugging code in PKCS#7. This can only happen by
explicitly inserting a #define DEBUG into the code.
(2) Fix the calculation of the digest length in the PE file parser. This
causes a failure where there should be a success.
(3) Fix the case where an X.509 cert can be added as an asymmetric key to
a trusted keyring with no trust restriction if no AKID is supplied.
Bugs (1) and (2) aren't particularly problematic, but (3) allows a security
check to be bypassed. Bug (3) is added since the 4.6 kernel.
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
at tag:
keys-fixes-20160718
David
---
Lans Zhang (2):
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
pefile: Fix the failure of calculation for digest
Mat Martineau (1):
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs
crypto/asymmetric_keys/mscode_parser.c | 7 ++++++-
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/restrict.c | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
Powered by blists - more mailing lists