Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 17 Dec 2014 16:32:56 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE Request Linux kernel: fs: isofs: infinite loop in CE records

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Hello,

Linux kernel built with the iso9660 file system(CONFIG_ISO9660_FS) support is 
vulnerable to an infinite recursion loop flaw, which could lead to a crash or 
render a system unresponsive/unusable after a while. This occurs while 
mounting an iso9660 image.

An unprivileged user/process could use this flaw to crash the system resulting 
in DoS.

Upstream fix:
- -------------
   -> https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUkWLgAAoJEN0TPTL+WwQfix4QAJRmIb2nQCwivn0N/0N8kadv
K/Wr2pyM7FqAAvr3HvIq6ec/L3SaSIt6OyPcybI2EbfwhPdHcnDEUII6Iwui5BeU
Uo83ulQvtmMQlpgBfDaC/gMtThAD0/PQT3ErGdyxG+oMGj2MqgOnCJ0Cc/aAxaoP
TLACDCmZAeTnvVtE1m00gjbaq1xjkaupBHKq3W8lX25W0NeoUNMZUDk2M7BB3CdR
5HFcPdLvWhTT7PMvxdSf0s1lNqvbNG0cWrCpjQ26ZRNc1VFNI40AjPYvgttW4fCg
IojYQV9AIb/vmV5pMyk+Y2fO28WOdxbFlJACzWy/VUYs1Gx0o8BcR9ZllvEf7q0W
XzIG00b+nTA6MhZ83rddpzK4CfLG3GqK2+Us/E1tl6+WuYNHH4rD8WD+1THsebdC
9KkVb+tgvWerYfZ0U5hSKGg2xH+miqeVfvuG2EkODXrfVogGtH9a7qcd06wjo6Uh
3x5m0CfKIUrytkQxf6Fv51nXl4fBBMQmvZ0Yj/YI/xFtYSjGPAejdz9M9GfjmIYn
qKLaq7VC6g3h+tw6RLf7SzIJuhhuTnoKD4exiD2a3hXCnH1hJO/J2cXipNOi4EkE
r0sVnHo5S3htNVPvwVmgu7PKdoX19wSzUs1gUJFZ2ZMozypolGhZ0n/QMSPu3C/H
/4B7cF/dWfBaxILa6OCE
=WHPo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.