[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 28 Oct 2011 09:23:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>
Subject: Re: CVE Request: Multiple remote denial of service
in Linux bridge networking code 2.6.37-3.0
On 10/28/2011 02:06 AM, Marcus Meissner wrote:
> Hi,
>
> Linux kernel 2.6.37 introduced with this commit
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
> several regressions that be used to trigger remote denial of service attacks when
> bridging is in use.
>
> Reporter thread is on:
> http://thread.gmane.org/gmane.linux.network/191713
>
> Fixes are in git commits:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64
> In 2.6.39
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e
> In 2.6.39
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228
> In 3.0
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe
> In 3.0
> So it can be considered fixed with Linux kernel 3.0.
> Thanks to Eugene for looking up the commit ids.
>
> I think it just needs one CVE, as it was one introducing patch.
>
> Ciao, Marcus
Please use CVE-2011-4087 for this issue.
--
-Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
