Mailinglist Archive: opensuse-security (33 mails)

< Previous Next >
Re: [opensuse-security] NULL pointer dereference related to glibc crypt()
Hi,

Thanks for the heads up!

As this might be of interest for more distributions, feel
also free to join and discuss this on the oss-security list (
http://oss-security.openwall.org/wiki/mailing-lists/oss-security )

Ciao, Marcus

On Wed, Jul 03, 2013 at 08:42:23PM +0000, mancha wrote:
Dear all:

I noticed you upgraded your xdm with a fix I developed for Xorg
(openSUSE-SU-2013:1117-1).

You might be interested to know this patch is part of an ongoing
project of mine where I am working with developers to introduce
needed protections for possible crypt()-related NULL pointer
dereference situations.

I share this as you might find some of these fixes valuable for
OpenSUSE.

My progress is being documented in Slackware's de facto bug &
discussion forum (LQ):
https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-
current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/

I am placing all patch files in a sourceforge project:
https://sourceforge.net/projects/miscellaneouspa/files/glibc217/

--mancha

PGP Key ID: 0xB5ABF4FFF7048E92
Key fingerprint = 7F1F E9BF 77CF 15AC 8F6B C934 B5AB F4FF F704
8E92

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
References