| Summary: | <sys-kernel/openvz-sources-2.6.32.78.27 - local unprivileged user could crash the system resulting in DoS (CVE-2013-2224) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Joakim <moonwalker> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | alexander, andreis.vinogradovs, pinkbyte, proxy-maint, vserver-devs+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Joakim
2013-07-03 16:44:59 UTC
@pva, could you confirm the issue?

(In reply to Agostino Sarubbo from comment #1)

> @pva, could you confirm the issue?

I'm not pva ;), but, yes, I confirm this; I plan to bump it this weekend.

2.6.32.78.28 is in tree now, let's stabilize it

Target keywords: amd64 x86

amd64/x86 stable.

Kernels don't get GLSAs. Closing.

CVE-2013-2224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2224):

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.