oss-sec mailing list archives
Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390)
From: Amos Jeffries <squid3 () treenet co nz>
Date: Fri, 10 Aug 2018 15:14:46 +1200
On 09/08/18 19:12, Stiepan wrote:
Hi, Could you please provide some more details on the issue? About the same period, our secure e-mail provider suffered an unprecedented DDoS with some e-mail messages never reaching us. Since this has business impact, we consider legal action against the opaque Linux-distros vulnerability-disclosure-among-friends-for-fun-and-profit scheme, that we exposed at the ITU earlier this year. This is digital divide in the works, with real impact for non-club-members.
Surely your lawyer should be aware of these clauses in the license under which you are assigned the right to use the Linux kernel: " 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. " If a particular Vendor is providing any warranty or guarantees - that is a sales and contractual agreement between you and them. Not between you and the linux-distros group. (with my Hat on as a Vendor of OS software using this same license, not otherwise related to any of the parties is this discussion.) AYJ
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- RE: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390), (continued)
- RE: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Reinis Rozitis (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) David T. (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Kurt H Maier (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Matthew Garrett (Aug 09)