|Main Archive Page > Month Archives > oss-security archives|
I think the flaw with argv-expansion triggering the OOM-killer
incorrectly needs its own CVE.
While the stack guard page and the fixes for CVE-2010-3858 certainly
improved things, argv expansion can still be tricked into OOM-killing the
entire system. Solutions were discussed on the original thread, but
were not finished. Recently a set of patches has been re-proposed to fix
this issue. Regardless, it should probably get its own CVE assigned.
-- Kees Cook Ubuntu Security Team