List:       oss-security
Subject:    Re: [oss-security] CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From:       Solar Designer <solar () openwall ! com>
Date:       2013-02-25 20:28:55
Message-ID: 20130225202855.GA6788 () openwall ! com

On Mon, Feb 25, 2013 at 11:43:57AM +0100, Marcus Meissner wrote:
> On Mon, Feb 25, 2013 at 02:13:49PM +0400, Solar Designer wrote:
> > On Sun, Feb 24, 2013 at 10:10:45AM +0100, Mathias Krause wrote:
> > > Affected versions:
> > > v3.3 - v3.8
> > 
> > Nice find!  Do you happen to know of distro backports of the affected
> > code to older kernels?  When you wrote that the bug is "in there for
> > ages", did you mean that 3.3 has been out "for ages" or something else?
> 
> We did not backport the sock_diag code to SUSE Linux Enterprise Server 11 SP2.

Thank you.  There's also a "not vulnerable" statement for "the kernel
package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat
Enterprise MRG 2":

https://bugzilla.redhat.com/show_bug.cgi?id=915052#c4

Alexander