First Last Prev Next    This bug is not in your last search results.
Bug 954414 - (CVE-2015-5327) VUL-0: CVE-2015-5327: kernel: User triggerable out-of-bounds read
(CVE-2015-5327)
VUL-0: CVE-2015-5327: kernel: User triggerable out-of-bounds read
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 13.2
: P3 - Medium : Normal
: ---
Assigned To: Joey Lee
Security Team bot
https://smash.suse.de/issue/158674/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-10 09:38 UTC by Sebastian Krahmer
Modified: 2015-11-18 09:22 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-11-10 09:38:43 UTC 
Quoting from RH BZ:

"An out-of-bounds memory read was found affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in x509_decode_time() function in x509_cert_parser.c."

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1278978
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5327
Comment 1 Takashi Iwai 2015-11-10 15:24:28 UTC 
Affected only openSUSE Tumbleweed.
Comment 2 Swamp Workflow Management 2015-11-10 23:00:46 UTC 
bugbot adjusting priority
Comment 3 Takashi Iwai 2015-11-16 17:24:32 UTC 
The upstream commit is
  cc25b994acfbc901429da682d0f73c190e960206
    X.509: Fix the time validation [ver #2]

Joey, could you care this?
Comment 4 Joey Lee 2015-11-17 07:25:51 UTC 
(In reply to Takashi Iwai from comment #3)
> The upstream commit is
>   cc25b994acfbc901429da682d0f73c190e960206
>     X.509: Fix the time validation [ver #2]
> 
> Joey, could you care this?

Thanks for help, I will backport this patch.

Joey Lee
Comment 5 Joey Lee 2015-11-18 04:46:32 UTC 
Backported patch and push to my branch of stable kernel for waiting merge:

commit 6b3b0336dd567d191a77e52d572d8dc15c3f497a
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Tue Nov 17 17:14:21 2015 +0800

    X.509: Fix the time validation [ver #2] (bsc#954414).
Comment 6 Joey Lee 2015-11-18 09:22:24 UTC 
Backported patch got merged by Jiri to stable kernel:

commit 6b3b0336dd567d191a77e52d572d8dc15c3f497a
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Tue Nov 17 17:14:21 2015 +0800

    X.509: Fix the time validation [ver #2] (bsc#954414).

Set this issue to FIXED.
First Last Prev Next    This bug is not in your last search results.