Summary: | <net-misc/kea-1.4_p1: Memory Leak Denial of Service Vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, chainsaw |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2018/07/11/8 | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-07-12 09:22:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eb7529cbbd47cd674f5bce9c951a356c36cde07

commit 1eb7529cbbd47cd674f5bce9c951a356c36cde07
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-07-12 09:25:38 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-07-12 09:25:57 +0000

    net-misc/kea: Security cleanup.

    Bug: https://bugs.gentoo.org/660988
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 net-misc/kea/Manifest | 1 -
 net-misc/kea/kea-1.4.0.ebuild | 68 -------------------------------------------
 2 files changed, 69 deletions(-)

I already added version 1.4.0_p1 to the tree today. Now I've also removed 1.4.0 version.

Any information about older versions being affected?

No need to initialize stabilization process as there's no stable version of kea in the tree yet.

The memory leak is connected to the callout handle store, which was added in Kea 1.4.0 to support additional hooks capabilities. Prior to 1.4.0 it did not exist, so Kea 1.4.0 (along with its interim development releases, e.g. 1.4.0b1) would be the only release(s) affected.

For posterity: https://kb.isc.org/docs/aa-01626