Bug#875881: linux: CVE-2017-1000251

To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: Ben Hutchings <ben@decadent.org.uk>, 875881@bugs.debian.org
Subject: Bug#875881: linux: CVE-2017-1000251
From: Julien Aubin <julien.aubin@gmail.com>
Date: Sat, 16 Sep 2017 16:40:24 +0200
Message-id: <[🔎] CAB=k8WJf+ySL0btUH6+mk5OfG15tC5wP_s0qudq8UF3uvQyEvQ@mail.gmail.com>
Reply-to: Julien Aubin <julien.aubin@gmail.com>, 875881@bugs.debian.org
In-reply-to: <[🔎] 1505502225.4906.1.camel@scientia.net>
References: <[🔎] 150548587317.6313.17012204153956018761.reportbug@heisenberg.scientia.net> <[🔎] 1505499487.2825.51.camel@decadent.org.uk> <[🔎] 1505502225.4906.1.camel@scientia.net> <[🔎] 150548587317.6313.17012204153956018761.reportbug@heisenberg.scientia.net>

2017-09-15 21:03 GMT+02:00 Christoph Anton Mitterer <calestyo@scientia.net>:

On Fri, 2017-09-15 at 19:18 +0100, Ben Hutchings wrote:
> Probably less critical than you think, since we enable
> CONFIG_CC_STACKPROTECTOR.

Well... yes, but it wouldn't be the first time in history, that such
defence could then also be circumvented in the next evolution of an
exploit :-)

But of course you can lower the bug severity if you think this is
appropriate.

Cheers&thx.

Looks like such issue has been found, stack clash is back :

https://security-tracker.debian.org/tracker/CVE-2017-1000379

Reply to:

References:
- Bug#875881: linux: CVE-2017-1000251
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Bug#875881: linux: CVE-2017-1000251
  - From: Ben Hutchings <ben@decadent.org.uk>
- Bug#875881: linux: CVE-2017-1000251
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#875781: initramfs-tools-core: /etc/initramfs-tools/initramfs.conf is not modified on upgrade/install/reconfigure
Next by Date: Processed: tagging 875924
Previous by thread: Bug#875881: linux: CVE-2017-1000251
Next by thread: Bug#875881: marked as done (linux: CVE-2017-1000251)
Index(es):
- Date
- Thread