Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 29 Aug 2017 12:46:24 +0300
From: Alexander Popov <alex.popov@...ux.com>
To: Seth Arnold <seth.arnold@...onical.com>, oss-security@...ts.openwall.com
Subject: Re: Linux kernel: fixed bug in
 net/core/flow_dissector.c

On 24.08.2017 21:03, Seth Arnold wrote:
> On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:
>> I was asked to investigate a suspicious kernel crash on some Linux
>> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by
>> receiving a single special MPLS packet.
>>
>> I bisected and found out that the bug was introduced in
>> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13
>> And was later fixed it in
>> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
> 
>> Is it worth requesting a CVE ID for that issue?
> 
> I think it is, it's an easy way to make sure all downstream consumers
> are alerted to the issue.

I've requested a CVE ID at https://cveform.mitre.org/ and got
CVE-2017-13715 for this issue.

Best regards,
Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ