Date: Tue, 7 Apr 2015 20:38:21 -0400 (EDT) From: Wade Mealing <wmealing@...hat.com> To: OSS Security List <oss-security@...ts.openwall.com> Cc: cve-assign@...re.org Subject: CVE request netfilter connection tracking accounting. Gday, I'd like to request a CVE for an issue posted to netfilter-devel ( http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 ). This issue can be classified as a denial of service. >From the bug report: "I got the following OOPS with kernel 3.14.4 (debian backport for wheezy) on our internet gateway while trying to establish a new PPTP tunnel from a NAT-ed host. Seems it's 100% reproductible" The issue appears to be within netfilter connection tracking accounting, not specific to PPTP or other helper protocols. The flaw was introduced on Linux 3.6 and fixed on 3.15. The upstream fix is available ( See reference 1 ) Thank you. Wade Mealing -- Red Hat Product Security References: 1) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ