Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 01 Mar 2010 23:35:21 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: dvb-core: ULE decapsulation DoS

Reported by Ang Way Chuang.

"dvb-core: Fix DoS bug in ULE decapsulation code that can be triggered 
by an invalid Payload Pointer ULE (Unidirectional Lightweight 
Encapsulation RFC 4326) decapsulation has a bug that causes endless loop 
when Payload Pointer of MPEG2-TS frame is 182 or 183.  Anyone who sends 
malicious MPEG2-TS frame will cause the receiver of ULE SNDU to go into 
endless loop.

This patch was generated and tested against linux-2.6.32.9 and should 
apply cleanly to linux-2.6.33 as well because there was only one typo 
fix to dvb_net.c since v2.6.32.

This bug was brought to you by modern day Santa Claus who decided to 
shower the satellite dish at Keio University with heavy snow causing 
huge burst of errors.  We, receiver end, received Santa Claus's gift in 
the form of kernel bug."

http://git.kernel.org/linus/29e1fa3565a7951cc415c634eb2b78dbdbee151d
http://bugzilla.redhat.com/569237

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.