[kernel-sec-discuss] r835 - active

jmm at alioth.debian.org jmm at alioth.debian.org
Thu May 24 22:02:17 UTC 2007


Author: jmm
Date: 2007-05-24 22:02:17 +0000 (Thu, 24 May 2007)
New Revision: 835

Removed:
   active/CVE-2006-2275
Log:
retire old SCTP issue


Deleted: active/CVE-2006-2275
===================================================================
--- active/CVE-2006-2275	2007-05-24 22:01:59 UTC (rev 834)
+++ active/CVE-2006-2275	2007-05-24 22:02:17 UTC (rev 835)
@@ -1,21 +0,0 @@
-Candidate: CVE-2006-2275
-References: 
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5 
-Description: 
- Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a
- denial of service (deadlock) via a large number of small messages
- to a receiver application that cannot process the messages quickly
- enough, which leads to "spillover of the receive buffer."
-Notes: 
- jmm> Seems like an ABI-breaker, the sctp_chunk struct is changed in the
- jmm> upstream fix, this issue alone is not worth an ABI bump, a fix will
- jmm> be postponed for now
- jmm> For Sarge we'll ignore it, as it was only available under CONFIG_EXPERIMENTAL
- jmm> and not suitable for production use anyway
-Bugs: 
-upstream: released (2.6.16.15)
-linux-2.6: released (2.6.16-13)
-2.6.8-sarge-security: ignored
-2.4.27-sarge-security: ignored
-2.6.18-etch-security: N/A
-
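Review bot: The two Sarge lines near the end of the removed record (`2.6.8-sarge-security: ignored`, `2.4.27-sarge-security: ignored`) mean the issue is being retired unfixed on those branches, and the log message "retire old SCTP issue" neither says so nor says where the record goes. The revision lists only a removal of active/CVE-2006-2275, so the jmm> notes that justify the decision (the sctp_chunk ABI change, SCTP only available under CONFIG_EXPERIMENTAL) leave the active tree with it. Suggest stating in the log that every tracked branch is now released, ignored or N/A, and where the retired copy is kept if there is one. The Notes also still read "a fix will be postponed for now" while `linux-2.6: released (2.6.16-13)` shows the fix shipped, so that note is worth updating before the record is archived.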



