Bug 709164 - VUL-1: kernel: gro: Only reset frag0 when skb can be pulled
VUL-1: kernel: gro: Only reset frag0 when skb can be pulled
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-07-29 07:45 UTC by Thomas Biege
Modified: 2011-11-16 23:09 UTC (History)
5 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2011-07-29 07:45:13 UTC
Hi.
There is a security bug in package 'kernel'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

More information can be found here:
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=17dd759c67f21e34f2156abcf415e1f60605a188

CVE number: CVE-2011-2723
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723
CVSS v2 Base Score: 5.7 (important) (AV:A/AC:M/Au:N/C:N/I:N/A:C)


Original posting:



CVE-2011-2723


Betreff: [oss-security] CVE request: kernel: gro: Only reset frag0 when skb can be pulled
Datum: Freitag, 29. Juli 2011, 00:30:35
Von: Kees Cook <kees@ubuntu.com>
An:  oss-security@lists.openwall.com

Hi,

This fixes a remote crasher under certain network device configurations:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=17dd759c67f21e34f2156abcf415e1f60605a188

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team
Comment 1 Michal Hocko 2011-08-05 14:13:27 UTC
AFAIU this issue affects only > 2.6.29 which have Generic offload infrastructure. So it shouldn't affect SLES*-TD branches.
Comment 2 Thomas Biege 2011-08-12 16:35:21 UTC
please ignore, just adjusting priority
Comment 3 Marcus Meissner 2011-09-30 20:19:15 UTC
For SUSE Linux Enterprise 11 SP1, this is in the 2.6.32.43-44 diff.
Comment 4 Marcus Meissner 2011-09-30 20:25:45 UTC
also for slert11 sp1 then I guess ...
Comment 5 Benjamin Poirier 2011-11-16 23:09:30 UTC
SLE11-SP1
        fixed in c3c239c62ae57, upstream -stable v2.6.32.44
SLE11-SP2 : 3.0.9
        fixed in 97edbc901240, upstream -stable v3.0.1
SLES10_SP3
        unaffected
SLES10_SP4
        unaffected
openSUSE-11.3 : 2.6.34.10
        applied, c361a6f57ea8cc680f4cd10eb0abb1c313e203ad
openSUSE-11.4 : 2.6.37.6
        applied, e289f565254e013b70ced9cec5d478be348125a4