Date: Tue, 23 Jul 2013 12:49:54 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: P J P <ppandit@...hat.com> Cc: oss security list <oss-security@...ts.openwall.com> Subject: Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu On Wed, Jul 24, 2013 at 01:06:38AM +0530, P J P wrote: > Hi, > > Linux kernel built with the IPv6 networking support is vulnerable to a crash > while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK UDP_CORKED? I don't see this string in my /usr/include/ or recent Linux git tree. Am I missing something? Thanks > enables accumulating data and sending it as single datagram. > > An unprivileged user/program could use this flaw to crash the > kernel, resulting in local DoS. > > Upstream fix: > ------------- > -> https://git.kernel.org/linus/75a493e60ac4bbe2e977e7129d6d8cbb0dd236be > > Reference: > ---------- > -> https://bugzilla.redhat.com/show_bug.cgi?id=987633 Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.