blob: 76a1f7a1c0ed3e34f665b3392270b0842b7bf5b7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
Description: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)
References:
https://www.openwall.com/lists/oss-security/2020/01/28/2
Notes:
carnil> The issue go introduced with 30aba6656f61 ("namei: allow
carnil> restricted O_CREAT of FIFOs and regular files") in 4.19-rc1
carnil> which got backported to 4.4.166, 4.9.142 and 4.14.85.
Bugs:
upstream: released (5.5) [d0cb50185ae942b03c4327be322055d622dc79f6]
4.19-upstream-stable: needed
4.9-upstream-stable: released (4.9.212) [51772996274874a6bccda05b827f92582ce7b565]
3.16-upstream-stable: N/A "Introduced in 4.19 with 30aba6656f61"
sid: pending (5.4.13-2) [bugfix/all/do_last-fetch-directory-i_mode-and-i_uid-before-it-s.patch]
4.19-buster-security: needed
4.9-stretch-security: needed
3.16-jessie-security: N/A "Introduced in 4.19 with 30aba6656f61"
|
