** Changed in: linux (Ubuntu Trusty)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Utopic)
Status: New => Fix Committed
** Description changed:
- related to CVE-2013-7421, not handling crypto templates correctly
+ The Crypto API in the Linux kernel before 3.18.5 allows local users to
+ load arbitrary kernel modules via a bind system call for an AF_ALG
+ socket with a parenthesized module template expression in the salg_name
+ field, as demonstrated by the vfat(aes) expression, a different
+ vulnerability than CVE-2013-7421.
Break-Fix: 03c8efc1ffeb6b82a22c1af8dd908af349563314
4943ba16bbc2db05115707b3ff7b4874e9e3c560
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1415632
Title:
CVE-2014-9644
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1415632/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
