Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Jul 2014 19:30:10 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request Linux Kernel: net: SCTP: NULL pointer dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

Linux kernel built with the support for Stream Control Transmission Protocol 
(CONFIG_IP_SCTP) is vulnerable to a NULL pointer dereference flaw. It could 
occur when simultaneous new connections are initiated between a same pair of 
hosts.

A remote user/program could use this flaw to crash the system kernel resulting
in DoS.

Upstream fix:
- -------------
   -> http://patchwork.ozlabs.org/patch/372475/


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT0RFqAAoJEN0TPTL+WwQfGG8P/jDznmANj2c3rVe0Sx3BaxRX
zwbkaqg3eiKiqmBh+Wnf+n6tDsvGA2TUYAF+lqOEM5twJee89Z+WtTRoI6+6MMCE
AwiohGZyIIutPYwVmZk1lgWnbiVb7jLpoU225ztzMKGuPCO+kDwvFyjmXK6XsfrW
ww02NoJjysibS/OteJ9gDGbbGVmWuAly+IhwURTLTeuUBmfnV2vO1nFNT9WzWjpU
30Cw09Kac47UvW2RvQLOi+elTl36oTKjbFPp2So8LYxEvaxakooI7w8y7OtSYMxG
b3IHIDzgsbQTXFTQzp9mSSymHkAKGMtMpjqBPB8AHk5yVYWF4WM2Rx5vagTyqWUp
TcwbP9OloND+AoTsWabKyIwIzElnw2xaNEWXU4CxagDookPx+CqLLJF5abRDUlK7
T+/LIpCMtZnRuJF0CQedMSOBCie9zRgdwesmRdtvRBpQ4JzpwFOlFoKbkDtSSvXd
9ArbbJHst4uuGEjih2PWRL6OCigk+a3mmXmcGtAChbuouW26dOPfOSbXO+0WpC0K
YNpttf/9cudRVows1/iS249prMrJvwktvCBiPOOMK4hDUAp+Q7w7XIWmSOlmD4Fd
7IlzylhC79eUN26bhm19pMtEFkz0K5l/t1HrAgZ91htWuT8sxtBu2uYKivk8rIiH
LgN0haqjXaAYidUwDO+b
=T+/w
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ