Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Nov 2016 13:36:58 -0500
From: <cve-assign@...re.org>
To: <ondrej@...y.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<team@...urity.debian.org>, <dariusz.dwornikowski@...put.poznan.pl>,
	<sam-k6mymjcnjpz3fmkieotlt7rbgvqt98qy@...iam.org>
Subject: Re: Remote crash in MaraDNS 2.0.13 and git master

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> remote crash bug in MaraDNS 2.0.13 js_readuint16

Use CVE-2016-9300.


> remote crash bug in MaraDNS 2.0.13 js_substr

Use CVE-2016-9301.


> remote crash bug in MaraDNS 2.0.13 process_query -> this in fact
> looks like stack smashing, since it crashes on htons in an unrelated
> place

Use CVE-2016-9302.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYKgMsAAoJEHb/MwWLVhi21GoP/3HGz6OGmr6WDKg+2+IUaD8h
Rwgsw78MVxqrnq/gXwg0or2yYXXHxKyR12LlDmWADnqi7WtW7mM+4r3WSGb71Vqk
jfCptES4/UqpCKdEV4+HQ5nVKFRhQo1zpEam+kHbS5OiB93GlhS3UByyaSyeRsnf
ZnfdVl61NjCJHerb8lBEtYf0e5rA1SvspwfIiior6o9967X9Yrs9e2S0EidCl7dq
WFwh1lXZCMgGw38WzeblKgm000ScDplTgAmu6yWMIoRgZeAIdy1605/iSoBPJfgD
NS0wecALHmUqhYYeouBS/1l2FDg7pIpWWAo5s7fkiajxF8hvbUR1tTd2v1hOY8Xc
+w4Hiao2j4BXd9ZoKCUGumV3d0eSksNx52ZgzN8oJxa+mX74iDG6abbTYSfzlAWG
lmRFi94/0oeufIqD1aMaZ5jrMoWjjyPoum2L2Y31tUiJdFUktKJ9/6dW02wydNme
UjZjkIwjL44DCz4WLfXqV/rIMyx/ZztVgneAAqUFn1ssHf51HyzQPSpgbRLgj9Gc
ohRUn34JyZGbACYXm63pMjA01Z6FOCjlE+/kgGoNe56u+1i9UFPdaQs0OY4g9POF
DXl6kHqYNxqxASk1Ms70epXt4b/pBHdGXzqFF5QmPPW5xXiubCswn13hZhM/lZRF
tTzTS1vprIT3fYUXhjZn
=B4JU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ