[kernel-sec-discuss] r508 - patch-tracking

[Martin Pitt]

Author: mpitt
Date: 2006-07-21 12:04:15 +0000 (Fri, 21 Jul 2006)
New Revision: 508

Modified:
   patch-tracking/CVE-2006-2934
Log:
fleshed out CVE-2006-2934, add Ubuntu status

Modified: patch-tracking/CVE-2006-2934
===================================================================
--- patch-tracking/CVE-2006-2934	2006-07-21 06:46:25 UTC (rev 507)
+++ patch-tracking/CVE-2006-2934	2006-07-21 12:04:15 UTC (rev 508)
@@ -1,10 +1,18 @@
-Candidate: 
-References: 
-Description: 
+Candidate: CVE-2006-2934
+References:
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd7271feba61d5dc0fab1cb5365db9926d35ea3a
+Description: SCTP conntrack: fix crash triggered by packet without chunks
+Ubuntu-Description:
+ A Denial of service vulnerability was reported in iptables' SCTP
+ conntrack module. On computers which use this iptables module, a
+ remote attacker could expoit this to trigger a kernel crash.
 Notes: 
 Bugs: 
 upstream: 
 linux-2.6.16: 
 linux-2.6:
 2.6.8-sarge-security: 
-2.4.27-sarge-security:
\ No newline at end of file
+2.4.27-sarge-security:
+2.6.10-hoary-security: vuln
+2.6.12-breezy-security: vuln
+2.6.15-dapper-security: committed