List:       oss-security
Subject:    Re: [oss-security] CVE Request: Multiple remote denial of service
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2011-10-28 15:23:37
Message-ID: 4EAAC8F9.30102 () redhat ! com

On 10/28/2011 02:06 AM, Marcus Meissner wrote:
> Hi,
>
> Linux kernel 2.6.37 introduced with this commit
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
> several regressions that can be used to trigger remote denial of service attacks when
> bridging is in use.
>
> Reporter thread is on:
> 	http://thread.gmane.org/gmane.linux.network/191713
>
> Fixes are in git commits:
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64
> 		In 2.6.39
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e
> 		In 2.6.39
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228
> 		In 3.0
> 	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe
> 		In 3.0
> So it can be considered fixed with Linux kernel 3.0.
> Thanks to Eugene for looking up the commit ids.
>
> I think it just needs one CVE, as it was one introducing patch.
>
> Ciao, Marcus
Please use CVE-2011-4087 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team
