Bug 572604 - <sys-kernel/hardened-sources-4.4.2: possible local privilege escalation due to keyring facility (CVE-2016-0728)
Summary: <sys-kernel/hardened-sources-4.4.2: possible local privilege escalation due t...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Lowest major
Assignee: Gentoo Security
URL: http://www.cve.mitre.org/cgi-bin/cven...
Whiteboard: B1 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-22 13:38 UTC by Agostino Sarubbo
Modified: 2016-11-26 01:13 UTC
CC List: 4 users

See Also:
Package list:
Runtime testing required: ---
Description Agostino Sarubbo gentoo-dev 2016-01-22 13:38:03 UTC
+++ This bug was initially created as a clone of Bug #572384 +++

We need an updated ebuild for hardened-sources
Comment 1 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2016-01-22 15:47:06 UTC
Hardened sources using the recommended settings (in particular CONFIG_PAX_REFCOUNT) significantly reduce the effect of the issue to a local DoS (not affecting the kernel), hence I have reduced the importance of the bug.
Comment 2 Magnus Granberg gentoo-dev 2016-01-22 16:48:24 UTC
hardened-sources-4.3.3-r7 should have the fix
Comment 3 Agostino Sarubbo gentoo-dev 2016-01-23 09:24:46 UTC
(In reply to Magnus Granberg from comment #2)
> hardened-sources-4.3.3-r7 should have the fix

Do we want to also patch 4.1 for those who do not want to update to 4.3?
Comment 4 Anthony Basile gentoo-dev 2016-01-27 11:25:35 UTC
(In reply to Agostino Sarubbo from comment #3)
> (In reply to Magnus Granberg from comment #2)
> > hardened-sources-4.3.3-r7 should have the fix
> 
> Do we want to also patch 4.1 for those who do not want to update to 4.3?

I will be moving to stabilize new hardened sources past 4.3.3-r7 soon.  However, I'm not in a rush because PAX_REFCOUNT is a safe option which is turned on by default with even the most lax of grsec/pax settings.  It's better to make sure 4.3.4 which is hitting the tree now doesn't introduce *worse* problems rather than fixing this relatively small security bug --- relatively small in the hardened world.
Comment 5 Agostino Sarubbo gentoo-dev 2016-01-31 14:53:42 UTC
(In reply to Anthony Basile from comment #4)
> I will be moving to stabilize new hardened sources past 4.3.3-r7 soon.
> However, I'm not in a rush because PAX_REFCOUNT is a safe option which is
> turned on by default with even the most lax of grsec/pax settings.  It's
> better to make sure 4.3.4 which is hitting the tree now doesn't introduce
> *worse* problems rather than fixing this relatively small security bug ---
> relatively small in the hardened world.

Fair enough, but I just want to remind you that we don't know the settings of all users, so we are supposing that PAX_REFCOUNT is enabled, which may not be the case for some.
Comment 6 Anthony Basile gentoo-dev 2016-02-28 19:30:31 UTC
(In reply to Agostino Sarubbo from comment #5)
> (In reply to Anthony Basile from comment #4)
> > I will be moving to stabilize new hardened sources past 4.3.3-r7 soon.
> > However, I'm not in a rush because PAX_REFCOUNT is a safe option which is
> > turned on by default with even the most lax of grsec/pax settings.  It's
> > better to make sure 4.3.4 which is hitting the tree now doesn't introduce
> > *worse* problems rather than fixing this relatively small security bug ---
> > relatively small in the hardened world.
> 
> Fair enough, but I just want to remind you that we don't know the settings
> of all users, so we are supposing that PAX_REFCOUNT is enabled, which may
> not be the case for some.

I have marked 4.4.2 stable which contains the fix.  Security Team, please proceed.
Comment 7 Agostino Sarubbo gentoo-dev 2016-03-15 08:25:41 UTC
Please cleanup vulnerable versions.
Comment 8 Anthony Basile gentoo-dev 2016-07-21 16:53:48 UTC
(In reply to Agostino Sarubbo from comment #7)
> Please cleanup vulnerable versions.

All possibly vulnerable versions are off the tree.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-11-26 01:12:08 UTC
CVE-2016-0728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0728):
  The join_session_keyring function in security/keys/process_keys.c in the
  Linux kernel before 4.4.1 mishandles object references in a certain error
  case, which allows local users to gain privileges or cause a denial of
  service (integer overflow and use-after-free) via crafted keyctl commands.
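As an added example that is not part of this bug thread or of Gentoo's own tooling, the POSIX shell check below applies the reasoning from comment 1, comment 5 and comment 9 to a single host: it takes a kernel release string and a kernel config file and reports whether the host is fixed (4.4.1 or later), mitigated by CONFIG_PAX_REFCOUNT (impact reduced to a local DoS), or exposed. The function names and the constructed config files in the usage are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the bug thread: classify a host's exposure to
# CVE-2016-0728 from its kernel release string and kernel config file.
# Rules taken from the thread: kernels before 4.4.1 are affected (comment 9);
# CONFIG_PAX_REFCOUNT reduces the impact to a local DoS (comment 1); without
# it, assume the full local-privilege-escalation impact (comment 5).
# Caveat: a kernel that backports the fix under an older version number
# (e.g. hardened-sources 4.3.3-r7, comment 2) still shows as affected here,
# because a version check alone cannot see the backport.

# version_lt A B: succeeds when dotted numeric version A is strictly older
# than B. Uses field-wise numeric sort so that 4.10.0 sorts after 4.4.1.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# cve_2016_0728_exposure RELEASE CONFIG_FILE
# Prints exactly one of: fixed, mitigated, vulnerable.
cve_2016_0728_exposure() {
    rel=${1%%-*}             # "4.3.3-hardened-r7" -> "4.3.3" (hypothetical string)
    cfg=$2
    if ! version_lt "$rel" "4.4.1"; then
        printf 'fixed\n'
    elif grep -q '^CONFIG_PAX_REFCOUNT=y' "$cfg" 2>/dev/null; then
        printf 'mitigated\n'
    else
        # A missing or unreadable config is treated as unmitigated, which is
        # the conservative reading of comment 5.
        printf 'vulnerable\n'
    fi
}

# Check the running system: the release from uname and the matching config
# under /boot (adjust the path if your kernel config lives elsewhere).
cve_2016_0728_exposure "$(uname -r)" "/boot/config-$(uname -r)"
```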
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2016-11-26 01:13:31 UTC
Thank you to all for their work!

Closing as kernels do not receive GLSA's.