lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Nov 2016 11:16:22 +0000 From: David Howells <dhowells@...hat.com> To: jmorris@...ei.org Cc: dhowells@...hat.com, linux-security-module@...r.kernel.org, keyrings@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH 0/2] KEYS: Fixes [ver #2] Hi James, Can you pull these patches please and pass them on to Linus? They include the following: (1) Fix mpi_powm()'s handling of a number with a zero exponent [CVE-2016-8650]. (2) Fix double free in X.509 error handling. Ver #2: - Use RESIZE_IF_NEEDED() to conditionally resize the result rather than manually doing this. The patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes Tagged thusly: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-fixes-20161124-2 David --- Andrey Ryabinin (1): X.509: Fix double free in x509_cert_parse() David Howells (1): MPI: Fix mpi_powm() when exponent is 0 and the result has no limbs crypto/asymmetric_keys/x509_cert_parser.c | 1 - lib/mpi/mpi-pow.c | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-)
Powered by blists - more mailing lists