List: oss-security
Subject: Re: [oss-security] CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From: Solar Designer <solar () openwall ! com>
Date: 2013-02-25 20:28:55
Message-ID: 20130225202855.GA6788 () openwall ! com
On Mon, Feb 25, 2013 at 11:43:57AM +0100, Marcus Meissner wrote:
> On Mon, Feb 25, 2013 at 02:13:49PM +0400, Solar Designer wrote:
> > On Sun, Feb 24, 2013 at 10:10:45AM +0100, Mathias Krause wrote:
> > > Affected versions:
> > > v3.3 - v3.8
> >
> > Nice find! Do you happen to know of distro backports of the affected
> > code to older kernels? When you wrote that the bug is "in there for
> > ages", did you mean that 3.3 has been out "for ages" or something else?
>
> We did not backport the sock_diag code to SUSE Linux Enterprise Server 11 SP2.

Thank you. There's also a "not vulnerable" statement for "the kernel
package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat
Enterprise MRG 2":

https://bugzilla.redhat.com/show_bug.cgi?id=915052#c4

Alexander