List:       oss-security
Subject:    Re: [oss-security] Re: Please REJECT CVE-2011-4112
From:       Petr Matousek <pmatouse () redhat ! com>
Date:       2011-11-24 16:32:36
Message-ID: 20111124163236.GD1081 () dhcp-25-225 ! brq ! redhat ! com

On Thu, Nov 24, 2011 at 05:21:01PM +0100, Tavis Ormandy wrote:
> Petr Matousek <pmatouse@redhat.com> wrote:
> 
> > Hi,
> > 
> > could you please reject CVE-2011-4112 as it is not a security bug.
> > 
> > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=751006#c5
> > 
> > Thank you,
> 
> Unrelated, but if it did not require CAP_NET_ADMIN, would you have
> considered it a security bug?

Yes.

> I was under the impression that there was general agreement that NULL derefs
> that are handled gracefully are not security bugs any more.
> 
> Is this because you're setting panic_on_oops?

Yes. That's the default in RHEL.

Petr