Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Nov 2010 16:04:29 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Clarification: OpenFabrics ofed stack also contains RDS protocol

Hi,

The openfabrics remote messaging / dma stack also contains
the RDS protocol family module (actually it seems to be the originator
before it came into mainline).

It is in the ofa_kernel package, and SUSE ships it e.g. in the "ofed"
packages.


The net/rds/ code inside of it is pretty much the same as the Linux
kernel module. It also is autoloading with module aliases.

CVE-2010-3904 seems to be there up to the latest version after looking
at the code (I tried the 1.4 version).

CVE-2010-3865 seems to be present in some versions, but not in the
latest version. Unverified.


Does this need new CVEs? The projects are different, but the history
seems clear and the code basically the same.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.