Summary: | Kernel : sctp: SCTP_GET_ASSOC_STATS stack buffer overflow (CVE-2013-1828) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | kernel |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=919315 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-03-08 05:44:12 UTC
Any news on this? For me its completly impossible to use SCTP here: As soon as clvmd connects to dlm and dlm wants to use sctp grsec will panic the system And DLM with TCP instead of SCTP will not work because the system is multihomed... (dlm: TCP protocol can't handle multi-homed hosts, try SCTP) (On hardened with kernel 3.8.3 or 3.7.5 or 3.2.37 ...) What I have hit was a false positive in grsec which is fixed in the latest grsec patchset. See $URL for more details There are no longer any 2.x or <3.8 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security. |