[kernel-sec-discuss] r5490 - active

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Aug 23 12:00:59 UTC 2017


Author: carnil
Date: 2017-08-23 12:00:59 +0000 (Wed, 23 Aug 2017)
New Revision: 5490

Added:
   active/CVE-2017-7558
Log:
Add CVE-2017-7558

Added: active/CVE-2017-7558
===================================================================
--- active/CVE-2017-7558	                        (rev 0)
+++ active/CVE-2017-7558	2017-08-23 12:00:59 UTC (rev 5490)
@@ -0,0 +1,18 @@
+Description: sctp: out-of-bounds read in  inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()
+References:
+ http://www.openwall.com/lists/oss-security/2017/08/23/1
+ https://marc.info/?t=150348787500002&r=1&w=2
+Notes:
+ carnil> proposed patch in https://marc.info/?l=linux-netdev&m=150348777122761&w=2
+ carnil> the bug is said to be present from 4.7-rc1 on wards, but needs to be
+ carnil> checked if we have otherwise backport the issue
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1480266
+upstream: needed
+4.9-upstream-stable: needed
+3.16-upstream-stable:
+3.2-upstream-stable:
+sid: needed
+4.9-stretch-security:
+3.16-jessie-security:
+3.2-wheezy-security:
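
Review bot: the 3.16-upstream-stable, 3.2-upstream-stable, 3.16-jessie-security and 3.2-wheezy-security fields at the end of the file are left empty, while the Notes say the bug is present from 4.7-rc1 onwards and that a possible backport of the affected code still needs to be checked. Once that check is done, record the result in those four fields together with the reason (for example that the vulnerable code was introduced in 4.7-rc1), so the empty entries are not mistaken for branches nobody looked at. 4.9-stretch-security is also empty although 4.9-upstream-stable is marked "needed", so it should get a status as well. Minor: the Description has a double space in "in  inet_diag_msg_sctp{,l}addr_fill()", and "on wards" in the Notes should read "onwards".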



