Date: Tue, 30 Mar 2010 15:38:34 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) On Mon, 29 Mar 2010, Eugene Teo wrote: > Upstream commit: > http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01 I'm not clear on the role of ipv6 here. The affected code is in ipv4/tcp_input.c and there's no mention of tcp_v6_conn_request() there. I'm guessing this was fixed in Linux 2.6.20. Arguably this could have been given a 2007 ID, but the patch didn't clearly label the problem as a security issue, so I will treat Eugene's request as the first widely-public disclosure - thus a 2010 date. Use CVE-2010-1188 - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.