Displaying 8 results from an estimated 8 matches for "googleprojectzero".
2018 Jan 08
4
Response to Meltdown and Spectre
By now, we're sure most everyone has heard of the Meltdown and Spectre
attacks. If not, head over to https://meltdownattack.com/ and get an
overview. Additional technical details are available from Google
Project Zero.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
The FreeBSD Security Team was notified of the issue in late December
and received a briefing under NDA with the original embargo date of
January 9th. Since we received relatively late notice of the issue, our
ability to provide fixes is...
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
Based on an article that was mentioned on this list
https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html
I found two attacker controlled memory leaks in the option parsing of
pkcheck.c. These memory leaks allow a local attacker the ability to
"spray the heap", i.e. initialize large parts of the heap before
launching his attack.
Th...
2017 Mar 18
0
[CentOS-announce] CEBA-2017:0392 CentOS 7 polkit BugFix Update
....redhat.com/errata/RHBA-2017-0392.html
> 33395736c057583471a3e8d3554adb014d0d4cd167aa03bad5099c02faad1d38 polkit-0.112-11.el7_3.src.rpm
Note that this update fixes neither the memory leak in the options
parsing of the setuid binary pkexec, nor does it fix the memory leaks in
pkcheck.
https://googleprojectzero.blogspot.nl/2014/08/the-poisoned-nul-byte-2014-edition.html
https://bugs.freedesktop.org/show_bug.cgi?id=99626
https://bugzilla.redhat.com/show_bug.cgi?id=1418278
https://bugzilla.redhat.com/show_bug.cgi?id=1418287
https://bugzilla.redhat.com/show_bug.cgi?id=1418824
https://bugzilla.redhat.com/show...
2017 Mar 03
1
CEBA-2017:0392 CentOS 7 polkit BugFix Update
CentOS Errata and Bugfix Advisory 2017:0392
Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0392.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
426b0df04652f9936e703dc74a62cdc6b88ddd6e79fe705fcfabbc93469384f7 polkit-0.112-11.el7_3.i686.rpm
2017 Feb 02
3
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 07:16 -0800, Gordon Messmer wrote:
> On 02/02/2017 06:51 AM, Leonard den Ottolander wrote:
> > pkcheck might not be directly vulnerable. However, pkexec is.
>
>
> If that's so, why are you supplying patches to pkcheck rather than
> fixing pkexec?
The patch has a fix for three memory leaks. One memory leak that allows
heap spraying in pkexec.c that
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
...riant #1 (a.k.a. Spectre Variant #1): Bounds check (or predicate) bypass
* GPZ Variant #2 (a.k.a. Spectre Variant #2): Branch target injection
* GPZ Variant #3 (a.k.a. Meltdown): Rogue data cache load
For more details, see the Google Project Zero blog post and the Spectre
research paper:
* https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
* https://spectreattack.com/spectre.pdf
The core problem of GPZ Variant #1 is that speculative execution uses branch
prediction to select the path of instructions speculatively executed. This
path is speculatively executed with the avai...