blob: 97e0f8597d3987f78770e207d2bbd3d09cf60d5d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Potential information leak or use-after-free in tty subsystem
References:
https://source.android.com/security/bulletin/2016-11-01.html
Notes:
bwh> A known use-after-free bug in N_X25 has already been fixed
bwh> (commit ee9159ddce14, no CVE assigned). The Android security
bwh> bulletin says this fixes an information leak, presumably because
bwh> if receive_room is too large it will permit reading beyond a
bwh> buffer. We also need commit fd98e9419d8d ("isdn/gigaset: reset
bwh> tty->receive_room when attaching ser_gigaset") to avoid a
bwh> regression.
Bugs:
upstream: released (4.5-rc1) [dd42bf1197144ede075a9d4793123f7689e164bc]
3.16-upstream-stable: released (3.16.40) [tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch]
3.2-upstream-stable: released (3.2.85) [tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch]
sid: released (4.5.1-1)
3.16-jessie-security: released (3.16.39-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
3.2-wheezy-security: released (3.2.84-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]
|