Message-ID: <20111028080642.GH29335@suse.de>
Date: Fri, 28 Oct 2011 10:06:42 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0

Hi,

Linux kernel 2.6.37 introduced with this commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=462fb2af9788a82a534f8184abfde31574e1cfa0
several regressions that can be used to trigger remote denial of service
attacks when bridging is in use.

Reporter thread is on:
http://thread.gmane.org/gmane.linux.network/191713

Fixes are in git commits:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=f8e9881c2aef1e982e5abc25c046820cd0b7cf64
In 2.6.39

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=66944e1c5797562cebe2d1857d46dff60bf9a69e
In 2.6.39

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c65353daf137dd41f3ede3baf62d561fca076228
In 3.0

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=10949550bd1e50cc91c0f5085f7080a44b0871fe
In 3.0

So it can be considered fixed with Linux kernel 3.0.

Thanks to Eugene for looking up the commit ids.

I think it just needs one CVE, as it was one introducing patch.

Ciao, Marcus