bug-guix

bug#27429: Stack clash (CVE-2017-1000366 etc)


From: Mark H Weaver
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 19 Jun 2017 23:31:38 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Leo Famulari <address@hidden> writes:

> This is a place to discuss the "stack crash" bugs as they apply to our
> packages.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

I pushed commit 91c623aae0f10992aa46957b9072679534e4cd28 which adds a
kernel-side mitigation in the form of a larger stack guard gap (1 MiB)
to linux-libre-4.11, 4.9, and 4.4.

4.1 is still vulnerable.  So far I've been unable to find a backported
patch for that kernel.

       Mark




