|Main Archive Page > Month Archives > oss-security archives|
On 03/01/2011 08:13 AM, Nelson Elhage wrote:
> On Mon, Feb 28, 2011 at 03:28:47PM -0800, Kees Cook wrote:
>> On Mon, Feb 28, 2011 at 01:02:02PM -0800, Kees Cook wrote:
>>> On Mon, Feb 28, 2011 at 12:32:55PM -0800, Kees Cook wrote:
>>>> I think the flaw with argv-expansion triggering the OOM-killer
>>>> incorrectly needs its own CVE.
>>>> While the stack guard page and the fixes for CVE-2010-3858 certainly
>>>> improved things, argv expansion can still be tricked into OOM-killing the
>>>> entire system. Solutions were discussed on the original thread, but
>>>> were not finished. Recently a set of patches has been re-proposed to fix
>>>> this issue. Regardless, it should probably get its own CVE assigned.
>>>>  https://lkml.org/lkml/2010/8/27/429
>>>>  http://git.kernel.org/linus/1b528181b2ffa14721fb28ad1bd539fe1732c583
>>>>  https://lkml.org/lkml/2011/2/25/227
>>> Sorry, Nelson Elhage pointed out to me that I missed the fix for this
>>> issue. The issue was been fixed with:
>>> This was already assigned as CVE-2010-4243
>>> Sorry for the noise, and thanks!
>> Wait, I will continue to make more noise. The upstream commit
>> 3c77f845722158206a7209c45ccddc264d19319c does not handle the compat case,
>> which https://lkml.org/lkml/2011/2/25/227 is trying to handle.
> upstream looks to have handled the compat case with:
> From skimming the LKML thread, I think that upstream believes the issue to be
> fixed, but is trying to clean up the code, since the above two commits were
> considered quick-and-dirty bandaid fixes.
Kees, for CVE-2010-4243, we are backporting both 3c77f845 and 114279be,
so unless there are other patches that we have missed, we won't be
assigning a new CVE name for it.
-- Eugene Teo / Red Hat Security Response Team