MingcongBai
commented
6 years ago Closed l2dy closed 6 years ago
MingcongBai
commented
6 years ago 
l2dy
commented
6 years ago Use AOSA-2018-0237.
l2dy
commented
6 years ago MingcongBai
commented
6 years ago @l2dy Doesn’t seem like any security fixes were left out?
l2dy
commented
6 years ago There is currently no patch for CVE-2018-1121, because no satisfactory solution (secure and efficient) has been found. Please feel free to suggest ideas here!
@MingcongBai You included this CVE in the security@ mail, can you confirm if it's fixed in 3.3.15?
MingcongBai
commented
6 years ago Hmm. It is not. I will send out a correction email.
l2dy
commented
6 years ago Also please check CVE-2018-1122
- most of our patches for top, which unfortunately have been reverted by top's author
MingcongBai
commented
6 years ago This does not seem to be affected. Though I will need to make another issue for CVE-2018-1120, for the Kernel.
l2dy
commented
6 years ago Is CVE-2018-1120 related to procps then?
Also, are these two CVEs fixed in 3.3.15? They weren't mentioned in your mail.
Additionally, CVE-2018-1125 has been assigned to 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch, and CVE-2018-1126 to 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch.
MingcongBai
commented
6 years ago At this point we might as well open up another issue, since more fixes are coming still.
http://www.openwall.com/lists/oss-security/2018/05/17/1