Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Aug 2017 18:59:15 +0200
From: Andrey Konovalov <andreyknvl@...il.com>
To: oss-security@...ts.openwall.com
Cc: willemdebruijn.kernel@...il.com, Dmitry Vyukov <dvyukov@...gle.com>, 
	Kostya Serebryany <kcc@...gle.com>
Subject: Reporting and disclosing Linux kernel vulnerabilities

Hi!

It's not completely clear to me how to properly report and disclose
Linux kernel security issues. There are a few different parties [1, 2,
3] that need to be informed and coordinated. I couldn't find a
publicly available actionable list of steps, so I've outlined it as I
see it here:

https://github.com/google/syzkaller/blob/master/docs/linux_kernel_reporting_bugs.md#reporting-security-bugs

Thoughts? Comments?

Thanks!

[1] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html

[2] http://oss-security.openwall.org/wiki/mailing-lists/distros

[3] http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ