Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 05 Mar 2013 03:36:29 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: P J P <ppandit@...hat.com>
Subject: Re: CVE request: Linux kernel: xfs: _xfs_buf_find
 NULL pointer dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/05/2013 03:08 AM, P J P wrote:
> Hello,
> 
> Linux kernel built with support for XFS file system is vulnerable
> to a NULL pointer dereference flaw. This occurs while accessing
> blocks beyond the end of the file system, possibly on a corrupted
> device.
> 
> A user able to mount the file system could use this flaw to crash
> the kernel, resulting in DoS.
> 
> Upstream fix: ------------- ->
> https://git.kernel.org/linus/eb178619f930fa2ba2348de332a1ff1c66a31424
>
>  Reference: ---------- ->
> https://bugzilla.redhat.com/show_bug.cgi?id=918009
> 
> Thank you. -- Prasad J Pandit / Red Hat Security Response Team DB7A
> 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Please use CVE-2013-1819 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRNcqsAAoJEBYNRVNeJnmTNWAP/iVgzKLALr90GoEczhWQXMWt
xFE/DyzNpjR1qm3S3gPJ2MUozGYX4UgF6+68F3dpJJY85woXY0k40rdK8KPctlfE
5dVHOeSAVxvEV0SfEK0rT6+L1KD5rCjnoOR1l2QyCYX2Qww04PLOIN/uZlJeEklY
BjdZ6JueSQfyJNaCBpDyURwpY1GNk69TpHJ9+NHcOJ/BmsspVcMN5aOd4XN94U8M
0D3s5mWj8hBsoPLFziNanFbJJNHZx6PrJoQyNwr6XOoGD3AwlhIUgVtHERMyxGxF
wh3d1GdSqWhjPvrFr1DlQD0Pi4h5Pgp0YwOetREpjzPaWzkIinvNTZwHmGTHGNVL
2U36DFi/N67xqZgZ+isRdIl1LsEuLueUJlZB813iYbG1mRQpCyZ/5nX5uliwqAlX
mO7mg1Nj1mgvjFrb7M8wRU9tW1es364u6Rproa7qx2BATrfvqZMUPFDW3xGBVTqA
fqIpgLjvYq+DXTJPGAPN1R9sP3kFtoudh1UzYeoTu20cEJhpThSoRLsHQWTZFaOB
RW5QVs0MQphxRvGjCL/DsLRad6Ofv7C18NUpeOE6E4rYX7OzfUDEiQcfD5P++PkZ
1U46TLXlfZlSFv6Ba/OzDrRuKJrY3VHBe7voIb/0iyfTEyundsGlvSd/o8afSvs3
Kml2h0N0OZMp2C/WXIs8
=8keL
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.