|
Message-ID: <51EEDF0A.40707@redhat.com> Date: Tue, 23 Jul 2013 13:52:42 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: P J P <ppandit@...hat.com> Subject: Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/23/2013 01:18 PM, P J P wrote: > Hi, > > Linux kernel built with IPv6 networking is vulnerable to a crash while > sending data as a single datagram over IPv6 socket when UDP_CORK option > set. UDP_CORK enables accumulating data and sending it as a single > datagram. > > Upstream fix: > ------------- > -> https://git.kernel.org/linus/8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1 > > Reference: > ---------- > -> https://bugzilla.redhat.com/show_bug.cgi?id=987627 > > Acknowledgement: > ----------------- > Red Hat would like to thank Hannes Frederic Sowa for reporting this issue. > > > Thank you! > -- > Prasad J Pandit / Red Hat Security Response Team > DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B Please use CVE-2013-4162 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR7t8KAAoJEBYNRVNeJnmT8TwQALX0bwqkXpN8vpa7Md0g2E9Z oBUEWdolT9QS6TOotOdklbY0AndXZSgLqLzLGsca9cwtQQW5jVpxroPGYmMLBhj1 Vpju0mTYrnjsd3d6tQN6ORtLW/+oC2F3vvbSdSPu6sg5JkleeDaBBKtFdJl5pgqZ cmsQmXtr9ZJc/BJxI5argYcdudvjBHiLrNp6Co3ul27zcR+nZQHBuT/2TBRAnBa2 fGkOMUtKyJBTOWeROfg2KZ7y5IPdc6h0xR0MOSIRksCRoP9+cQR+qS3myT70s/9A baqLzlRiYYO2CC1ewFhqPGnL8+U993pa9hyEPodVbowCyWMwGkQcXsamTlrzFDXh AKShbI3WAhLn0tqaojSc9sbYqwgLohZuUdApmGjSDvAV60AG+azZJt1pocSbEJMw ASBTQzd4bvS/ec8wpyJdgLEpbleUyPEdjLtY4RgfaWwakoYt9c9hjbv4MUyYPRXX BMna1M9aJ/JOeo8NjFRlxVeyBxnVzkZS3MpgbsxgA3GpMYKl1Kx4UDbuBPbHp4YQ EVJgusuMxBc6hPZJP3Q3vqXrLD8PhV96czt0GsJttaNG5EUBbA7nl2eW8XTZGDBw PSR/jYaqf/2AlVYKHs8fsmWWx06ot3Prz90fXaa5sY6+juOQLHqRgFK6rTWB5GcQ qS7Qax34S9wRbDfxlhcH =PiVS -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.