Description: crypto api unprivileged arbitrary module load References: Notes: jmm> The thread at http://www.openwall.com/lists/oss-security/2015/01/24/4 jmm> provides some hairsplitting, but essentially CVE-2013-7421 and CVE-2014-9644 are identical Bugs: upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf] 2.6.32-upstream-stable: N/A "Introduced in 2.6.38" sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] 3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch] 2.6.32-squeeze-security: N/A "Introduced in 2.6.38" 3.16-upstream-stable: released (3.16.7-ckt6) 3.2-upstream-stable: released (3.2.67) [crypto-prefix-module-autoloading-with-crypto.patch, crypto-include-crypto-module-prefix-in-template.patch, crypto-add-missing-crypto-module-aliases.patch]