Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Aug 2017 11:03:14 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: fixed bug in
 net/core/flow_dissector.c

On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:
> I was asked to investigate a suspicious kernel crash on some Linux
> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by
> receiving a single special MPLS packet.
> 
> I bisected and found out that the bug was introduced in
> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13
> And was later fixed it in
> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0

> Is it worth requesting a CVE ID for that issue?

I think it is, it's an easy way to make sure all downstream consumers
are alerted to the issue.

Thanks

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ