Hide Forgot
Linux kernel built with the Ceph core library(CONFIG_CEPH_LIB) support is vulnerable to a NULL pointer dereference flaw. It could occur while handling auth_reply messages from a CEPH client. A remote user/program could use this flaw to crash the system, resulting in denial of service. References: http://hkpco.kr/advisory/CVE-2013-1059.txt
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 980341]
Created attachment 767633 [details] Proposed patch
(In reply to Petr Matousek from comment #3) > Created attachment 767633 [details] > Proposed patch That looks like it would work. Do you plan on sending it upstream?
(In reply to Josh Boyer from comment #4) > (In reply to Petr Matousek from comment #3) > > Created attachment 767633 [details] > > Proposed patch > > That looks like it would work. Do you plan on sending it upstream? This is actually patch acked by ceph maintainer Sage Weil (and not written by me). I expect him to send it upstream.
Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/sage/ceph-client.git/commit/?id=2cb33cac622afde897aa02d3dcd9fbba8bae839e