[kernel-sec-discuss] r3526 - active
Ben Hutchings
benh at moszumanska.debian.org
Fri Oct 31 16:51:38 UTC 2014
Author: benh
Date: 2014-10-31 16:51:38 +0000 (Fri, 31 Oct 2014)
New Revision: 3526
Added:
active/CVE-2014-7207
Log:
Add CVE-2014-7207
Added: active/CVE-2014-7207
===================================================================
--- active/CVE-2014-7207 (rev 0)
+++ active/CVE-2014-7207 2014-10-31 16:51:38 UTC (rev 3526)
@@ -0,0 +1,18 @@
+Description: Denial of service by sending IPv6 UFO packet through tap
+References:
+Notes:
+ bwh> Bug was introduced in 3.2.63 (and 3.4.101) by the backport of
+ bwh> commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") which
+ bwh> assumes ipv6_select_ident() is called with a non-null struct
+ bwh> rt6_info pointer. That was not true as they were missing commit
+ bwh> 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data").
+ bwh> Neither the upstream kernel nor any other stable branch had this
+ bwh> bug.
+Bugs: #766195
+upstream: N/A
+2.6.32-upstream-stable: N/A
+sid: N/A
+3.2-wheezy-security: released (3.2.63-2+deb7u1) [bugfix/all/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch]
+2.6.32-squeeze-security: N/A
+3.16-upstream-stable: N/A
+3.2-upstream-stable: needed
More information about the kernel-sec-discuss
mailing list