On Mon, Jun 9, 2014 at 3:30 PM, Greg KH <gre...@linuxfoundation.org> wrote: > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote: >> From: Andy Lutomirski <l...@amacapital.net> >> >> Fixes an easy DoS and possible information disclosure. >> >> This does nothing about the broken state of x32 auditing. >> >> eparis: If the admin has enabled auditd and has specifically loaded audit >> rules. This bug has been around since before git. Wow... >> >> Cc: sta...@vger.kernel.org >> Signed-off-by: Andy Lutomirski <l...@amacapital.net> >> Signed-off-by: Eric Paris <epa...@redhat.com> >> --- >> kernel/auditsc.c | 27 ++++++++++++++++++--------- >> 1 file changed, 18 insertions(+), 9 deletions(-) > > Did this patch get dropped somewhere? Isn't it a valid bugfix, or did I > miss a later conversation about this?
Hmm. It seems that it didn't make it into Linus' tree. Crap. IMO we need some kind of real tracking system for issues reported to security@. This shouldn't have been possible (and if I'd realized that the patch got dropped, I wouldn't have publicly disclosed it). For whoever applies this: it's CVE-2014-3917. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
