[kernel-sec-discuss] [Git][kernel-team/kernel-sec][master] Add CVE-2018-1066
Salvatore Bonaccorso
gitlab at salsa.debian.org
Fri Mar 2 06:54:25 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian kernel team / kernel-sec
Commits:
66f3c87c by Salvatore Bonaccorso at 2018-03-02T07:54:17+01:00
Add CVE-2018-1066
- - - - -
1 changed file:
- + active/CVE-2018-1066
Changes:
=====================================
active/CVE-2018-1066
=====================================
--- /dev/null
+++ b/active/CVE-2018-1066
@@ -0,0 +1,16 @@
+Description: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel
+References:
+ https://patchwork.kernel.org/patch/10187633/
+Notes:
+ carnil> Issue fixed upstream differently/unknownigly with the
+ carnil> referenced commit cabfb3680f78981d26c078a26e5c748531257ebb
+ carnil> Cf. https://patchwork.kernel.org/patch/10187633/ discussion.
+Bugs:
+upstream: released (4.11-rc1) [cabfb3680f78981d26c078a26e5c748531257ebb]
+4.9-upstream-stable: needed
+3.16-upstream-stable:
+3.2-upstream-stable:
+sid: released (4.11.6-1)
+4.9-stretch-security: needed
+3.16-jessie-security:
+3.2-wheezy-security:
View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/66f3c87c7e06a6bc081d67cbd86796c1898fc58f
---
View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/66f3c87c7e06a6bc081d67cbd86796c1898fc58f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/kernel-sec-discuss/attachments/20180302/5828a05a/attachment-0001.html>
More information about the kernel-sec-discuss
mailing list