Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Jun 2013 14:39:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jonathan Salwan <jonathan.salwan@...il.com>
Subject: Re: CVE Request: Linux Kernel - Leak information in
 cdrom driver.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/06/2013 02:19 AM, Jonathan Salwan wrote:
> Hi,
> 
> When we read a block from the disk it normally fills a buffer but
> if the drive is malfunctioning there is a chance that it would only
> be partially filled. The result is an leak information to
> userspace.
> 
> Patch applied and committed in the next-line :
> 
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
>
> 
> 
> Could you allocate a CVE id for this?
> 
> Thanks,
> 
> -- Jonathan

Please use CVE-2013-2164  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRtjl0AAoJEBYNRVNeJnmT4jYP/j5kSrPLMXfLHBJbR785g2Fw
ujkzjDE7i3X8VhQRHHkdCzxbFQR8dgyo56yHY0QDc6medL0oCH59lqYB8Wtn0T0E
k2FalBNnjRz5Le0u2GCeokMQGBcb03wSnnQ5sBLWsJEWcZHm3RQWfR7QSdUKcPfs
Q3fTb8hvqDikCEivmBbRbFUPP2wxJkLOoWeyrcpzrkCEsMLFUT3DAS7mKrAZui2G
hvuVFtQvAHidLuURxf0MqbQVvPZKZPsAY63EWEz8k7fPfg8p3PrhfArZzRqMRkHH
pXj3fglBbMTnmq4EV7ipHwL9PgCcN5xBm9xmp21KGSxb76RGpUDkF/n9kxDSEApH
7Gz7rAmJeoNkGHzwqF1pS2G4Z4KQ39TBU51CQdSydFJyA8PVg7FruqouJkSh5GyT
LHliNqiS//hD+GLkRhrCwBaNUcN4NXrevcYSp7k5zoJwxgUiy3EVz03YS+aKZAqi
+d3bOlHbikZL7naHcNw8ESDVjPDtydoGYBUqhZ7XW7IR+wgDwUIzVYx1GYIO8ddf
h598y3ezPcvOhSVnMVp94TLvmRgONxoQHZLbD47voLhzxl+81DBtURTyHbuiqiTa
GS1jAczPRXewapLi0H941jN/aivxCJKzxufgeBolvKfiF5bsdN/PGzS7CSI0e1Lj
6TLZ6TEKBtXhBNTpLE8P
=7/Nf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ