| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Nov 2016 12:32:11 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
cc: David Howells <dhowells@...hat.com>,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] Keys fixes
Please pull these fixes for the keys code.
>From David:
" (1) Fix mpi_powm()'s handling of a number with a zero exponent
[CVE-2016-8650].
(2) Fix double free in X.509 error handling.
Ver #3:
- Integrate my and Andrey's patches for mpi_powm() and use mpi_resize()
instead of RESIZE_IF_NEEDED() - the latter adds a duplicate check into
the execution path of a trivial case we don't normally expect to be
taken.
Ver #2:
- Use RESIZE_IF_NEEDED() to conditionally resize the result rather than
manually doing this. "
The following changes since commit 16ae16c6e5616c084168740990fc508bda6655d4:
Merge tag 'mmc-v4.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2016-11-24 10:51:18 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus
Andrey Ryabinin (2):
X.509: Fix double free in x509_cert_parse() [ver #3]
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
crypto/asymmetric_keys/x509_cert_parser.c | 1 -
lib/mpi/mpi-pow.c | 7 ++++++-
2 files changed, 6 insertions(+), 2 deletions(-)
Powered by blists - more mailing lists