Date: Tue, 30 Aug 2011 12:03:03 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: kernel: CVE-2011-2482/2519 CVE-2011-2482 sctp DoS This does not affect the upstream kernel. Our kernel left out a chunk of upstream ea2bc483ff5 that was not needed at the time of the backport, but was later required for a feature that we introduced in the kernel. https://bugzilla.redhat.com/CVE-2011-2482 http://git.kernel.org/linus/ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d CVE-2011-2519 xen: x86_emulate: fix SAHF emulation This has been addressed in the upstream xen implementation. The patched code would cause a hypervisor crash due to dereferencing a bogus address (in the first 4 MBs of address space, as EFLAGS bits above bit 21 are always 0, but more likely in the first page). http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644 https://bugzilla.redhat.com/CVE-2011-2519 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.