Message-ID: <20170824180314.GA9813@hunt>
Date: Thu, 24 Aug 2017 11:03:14 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: fixed bug in net/core/flow_dissector.c

On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:
> I was asked to investigate a suspicious kernel crash on some Linux
> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by
> receiving a single special MPLS packet.
>
> I bisected and found out that the bug was introduced in
> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13
> And was later fixed in
> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
> Is it worth requesting a CVE ID for that issue?
I think it is; it's an easy way to make sure all downstream consumers
are alerted to the issue.
Thanks