Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 10 Jun 2013 14:39:16 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jonathan Salwan <jonathan.salwan@...il.com>
Subject: Re: CVE Request: Linux Kernel - Leak information in
 cdrom driver.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/06/2013 02:19 AM, Jonathan Salwan wrote:
> Hi,
> 
> When we read a block from the disk it normally fills a buffer but
> if the drive is malfunctioning there is a chance that it would only
> be partially filled. The result is an leak information to
> userspace.
> 
> Patch applied and committed in the next-line :
> 
> http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
>
> 
> 
> Could you allocate a CVE id for this?
> 
> Thanks,
> 
> -- Jonathan

Please use CVE-2013-2164  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRtjl0AAoJEBYNRVNeJnmT4jYP/j5kSrPLMXfLHBJbR785g2Fw
ujkzjDE7i3X8VhQRHHkdCzxbFQR8dgyo56yHY0QDc6medL0oCH59lqYB8Wtn0T0E
k2FalBNnjRz5Le0u2GCeokMQGBcb03wSnnQ5sBLWsJEWcZHm3RQWfR7QSdUKcPfs
Q3fTb8hvqDikCEivmBbRbFUPP2wxJkLOoWeyrcpzrkCEsMLFUT3DAS7mKrAZui2G
hvuVFtQvAHidLuURxf0MqbQVvPZKZPsAY63EWEz8k7fPfg8p3PrhfArZzRqMRkHH
pXj3fglBbMTnmq4EV7ipHwL9PgCcN5xBm9xmp21KGSxb76RGpUDkF/n9kxDSEApH
7Gz7rAmJeoNkGHzwqF1pS2G4Z4KQ39TBU51CQdSydFJyA8PVg7FruqouJkSh5GyT
LHliNqiS//hD+GLkRhrCwBaNUcN4NXrevcYSp7k5zoJwxgUiy3EVz03YS+aKZAqi
+d3bOlHbikZL7naHcNw8ESDVjPDtydoGYBUqhZ7XW7IR+wgDwUIzVYx1GYIO8ddf
h598y3ezPcvOhSVnMVp94TLvmRgONxoQHZLbD47voLhzxl+81DBtURTyHbuiqiTa
GS1jAczPRXewapLi0H941jN/aivxCJKzxufgeBolvKfiF5bsdN/PGzS7CSI0e1Lj
6TLZ6TEKBtXhBNTpLE8P
=7/Nf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.