blob: de54be2338205437d99a29ad37828b8ae0221724 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
|
References:
http://seclists.org/oss-sec/2013/q1/598
Description: information leak in crypto API
Notes:
jmm> This ID is about
jmm> The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this.
Bugs:
upstream: released (3.9-rc1) [9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6]
2.6.32-upstream-stable: N/A "introduced in 3.2 commit a38f7907b926 etc."
sid: released (3.2.41-1)
2.6.32-squeeze-security: N/A "introduced in 3.2 commit a38f7907b926 etc."
3.2-upstream-stable: released (3.2.41) [crypto-user-fix-info-leaks-in-report-api.patch]
|
