Bug 6894 - [Anolis OS 23] Bugfix for CVE-2023-38711
Summary: [Anolis OS 23] Bugfix for CVE-2023-38711
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: unspecified
Hardware: All Linux
: P2-High S2-major
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-10-17 21:32 UTC by 小龙
Modified: 2023-10-17 21:33 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2023-10-17 21:32:05 UTC 
Description:
4.12之前在Libreswan发现了一个问题。当使用ID_IPV4_ADDR或ID_IPV6_ADDR配置的IKEv1快速模式连接接收到ID_FQDN的IDcr负载时,NULL指针取消引用会导致pluto守护程序崩溃并重新启动。注意:最早受影响的版本是4.6。

Broken commit info:

Bugfix commit info: