** Description changed: - Linux ASLR integer overflow + The stack randomization feature in the Linux kernel before 3.19.1 on + 64-bit platforms uses incorrect data types for the results of bitwise + left-shift operations, which makes it easier for attackers to bypass the + ASLR protection mechanism by predicting the address of the top of the + stack, related to the randomize_stack_top function in fs/binfmt_elf.c + and the stack_maxrandom_size function in arch/x86/mm/mmap.c. Break-Fix: - 4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1423757 Title: CVE-2015-1593 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1423757/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
