Date: Tue, 29 Aug 2017 12:46:24 +0300
From: Alexander Popov <alex.popov@...ux.com>
To: Seth Arnold <seth.arnold@...onical.com>, oss-security@...ts.openwall.com
Subject: Re: Linux kernel: fixed bug in net/core/flow_dissector.c

On 24.08.2017 21:03, Seth Arnold wrote:
> On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:
>> I was asked to investigate a suspicious kernel crash on some Linux
>> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by
>> receiving a single special MPLS packet.
>>
>> I bisected and found out that the bug was introduced in
>> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13
>> And was later fixed in
>> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
> 
>> Is it worth requesting a CVE ID for that issue?
> 
> I think it is, it's an easy way to make sure all downstream consumers
> are alerted to the issue.

I've requested a CVE ID at https://cveform.mitre.org/ and got
CVE-2017-13715 for this issue.

Best regards,
Alexander
