Date: Wed, 20 Feb 2013 12:17:21 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: P J P <ppandit@...hat.com>
Subject: Re: CVE request - Linux kernel: evm: NULL pointer de-reference flaw

On 02/20/2013 12:09 PM, P J P wrote:
> Hello,
> 
> Linux kernel built with Extended Verification Module (EVM) and
> configured properly is vulnerable to a NULL pointer de-reference
> flaw, caused by accessing extended attribute routines of sockfs
> inode object.
> 
> An unprivileged user/program could use this to crash the kernel, 
> resulting in DoS.
> 
> Upstream fix: ->
> https://git.kernel.org/linus/a67adb997419fb53540d4a4f79c6471c60bc69b6
>
>  Reference: -> https://bugzilla.redhat.com/show_bug.cgi?id=913266

Please use CVE-2013-0313 for this issue.

> Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A
> 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

