Date: Thu, 24 Aug 2017 11:03:14 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Linux kernel: fixed bug in net/core/flow_dissector.c On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote: > I was asked to investigate a suspicious kernel crash on some Linux > server. It is at least a remote DoS (and maybe RCE): Linux is crashed by > receiving a single special MPLS packet. > > I bisected and found out that the bug was introduced in > commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 > And was later fixed it in > commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 > Is it worth requesting a CVE ID for that issue? I think it is, it's an easy way to make sure all downstream consumers are alerted to the issue. Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ