Moritz Muehlenhoff wrote:
> Hi Horms / security team,
> I found three more security related reports/patches on linux-kernel.
>
> Cheers,
> Moritz
>
> From: David Howells <[EMAIL PROTECTED]>
>
> Plug request_key_auth memleak. This can be triggered by unprivileged
> users, so is local DoS.
>
> Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
> Signed-Off-By: David Howells <[EMAIL PROTECTED]>
> Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>
> ---
> security/keys/request_key_auth.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --- linux-2.6.13.y.orig/security/keys/request_key_auth.c
> +++ linux-2.6.13.y/security/keys/request_key_auth.c
> @@ -96,6 +96,7 @@ static void request_key_auth_destroy(str
> kenter("{%d}", key->serial);
>
> key_put(rka->target_key);
> + kfree(rka);
>
> } /* end request_key_auth_destroy() */
This is CAN-2005-3119 and... uh... not supposed to be public yet...
Regards,
Joey
--
Life is too short to run proprietary software. -- Bdale Garbee
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
