On 12.11.2015 at 12:38, David Howells wrote:
This fixes CVE-2015-5327.  It affects kernels from 4.3-rc1 onwards.

Fix the X.509 time validation to use month number-1 when looking up the
number of days in that month.  Also put the month number validation before
doing the lookup so as not to risk overrunning the array.

I've just run into this with 4.3.1 (mon_len ended up with 0 because of the wrong index). Which means currently built stable kernels with signature verification might not load modules (depending on which value the invalid index mon_len (12) ends up with).

Regards,

Alexander Holler
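
The indexing error described in the quoted commit message, as an added example that is neither code from this thread nor the kernel's own: a day-of-month check with the lookup done before and after the fix. All function and table names are hypothetical, and the 13th table slot is an assumption that models the byte read past the array as 0, the value reported above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Days per month, January first: 12 entries, valid indices 0..11. */
static const unsigned char month_days[12] = {
    31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/* Model of what the buggy lookup sees: slot 12 stands for the byte after
 * the real array. 0 is the value reported in this thread (an assumption
 * here; on another build it could be anything). */
static const unsigned char month_days_overrun[13] = {
    31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31, 0
};

static bool is_leap(unsigned year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Before: table indexed by the 1-based month, range check done afterwards. */
bool date_valid_buggy(unsigned year, unsigned mon, unsigned day)
{
    /* Clamp keeps this model in bounds; the modelled code had no such guard. */
    unsigned mon_len = mon <= 12 ? month_days_overrun[mon] : 0;

    if (mon == 2 && is_leap(year))
        mon_len = 29;
    return mon >= 1 && mon <= 12 && day >= 1 && day <= mon_len;
}

/* After: validate the month first, then index with mon - 1. */
bool date_valid_fixed(unsigned year, unsigned mon, unsigned day)
{
    unsigned mon_len;

    if (mon < 1 || mon > 12)
        return false;
    mon_len = month_days[mon - 1];
    if (mon == 2 && is_leap(year))
        mon_len = 29;
    return day >= 1 && day <= mon_len;
}

int main(void)
{
    printf("2015-12-31 buggy=%d fixed=%d\n",
           date_valid_buggy(2015, 12, 31), date_valid_fixed(2015, 12, 31));
    return 0;
}
```

With the shifted index, every month is checked against its successor's length, so the model rejects valid dates such as 31 January and accepts 30 February, while any December date depends on the out-of-bounds value.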
