[kernel-sec-discuss] r508 - patch-tracking
Martin Pitt
mpitt at costa.debian.org
Fri Jul 21 12:04:15 UTC 2006
Author: mpitt
Date: 2006-07-21 12:04:15 +0000 (Fri, 21 Jul 2006)
New Revision: 508
Modified:
patch-tracking/CVE-2006-2934
Log:
fleshed out CVE-2006-2934, add Ubuntu status
Modified: patch-tracking/CVE-2006-2934
===================================================================
--- patch-tracking/CVE-2006-2934 2006-07-21 06:46:25 UTC (rev 507)
+++ patch-tracking/CVE-2006-2934 2006-07-21 12:04:15 UTC (rev 508)
@@ -1,10 +1,18 @@
-Candidate:
-References:
-Description:
+Candidate: CVE-2006-2934
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd7271feba61d5dc0fab1cb5365db9926d35ea3a
+Description: SCTP conntrack: fix crash triggered by packet without chunks
+Ubuntu-Description:
+ A Denial of service vulnerability was reported in iptables' SCTP
+ conntrack module. On computers which use this iptables module, a
+ remote attacker could expoit this to trigger a kernel crash.
Notes:
Bugs:
upstream:
linux-2.6.16:
linux-2.6:
2.6.8-sarge-security:
-2.4.27-sarge-security:
\ No newline at end of file
+2.4.27-sarge-security:
+2.6.10-hoary-security: vuln
+2.6.12-breezy-security: vuln
+2.6.15-dapper-security: committed
More information about the kernel-sec-discuss
mailing list