Message-ID: <4EAAC8F9.30102@redhat.com>
Date: Fri, 28 Oct 2011 09:23:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: Multiple remote denial of service
 in Linux bridge networking code 2.6.37-3.0

On 10/28/2011 02:06 AM, Marcus Meissner wrote:
> Hi,
>
> Linux kernel 2.6.37 introduced with this commit
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
> several regressions that can be used to trigger remote denial of service attacks when
> bridging is in use.
>
> Reporter thread is on:
> 	http://thread.gmane.org/gmane.linux.network/191713
>
> Fixes are in git commits:
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64
> 		In 2.6.39
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e
> 		In 2.6.39
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228
> 		In 3.0
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe
> 		In 3.0
> So it can be considered fixed with Linux kernel 3.0.
> Thanks to Eugene for looking up the commit ids.
>
> I think it just needs one CVE, as it was one introducing patch.
>
> Ciao, Marcus
Please use CVE-2011-4087 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team
