[kernel] r6749 - patch-tracking

Dann Frazier dannf at costa.debian.org
Mon May 29 03:55:17 UTC 2006


Author: dannf
Date: Mon May 29 03:55:17 2006
New Revision: 6749

Modified:
   patch-tracking/CVE-2006-2274

Log:
updated info

Modified: patch-tracking/CVE-2006-2274
==============================================================================
--- patch-tracking/CVE-2006-2274	(original)
+++ patch-tracking/CVE-2006-2274	Mon May 29 03:55:17 2006
@@ -1,16 +1,26 @@
 Candidate: CVE-2006-2274
 References: 
+ CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
+ URL:http://www.securityfocus.com/bid/17955
+ URL:http://secunia.com/advisories/20237
+ URL:http://xforce.iss.net/xforce/xfdb/26432 
 Description: 
+ Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
+ of service (infinite recursion and crash) via a packet that contains two or
+ more DATA fragments, which causes an skb pointer to refer back to itself when
+ the full message is reassembled, leading to infinite recursion in the
+ sctp_skb_pull function.
 Notes: 
+ dannf> Submitted to Marcelo for 2.4
 Bugs: 
 upstream: released (2.6.16.15)
-linux-2.6:
+linux-2.6: released (2.6.16-13)
 2.6.8-sarge-security: pending (2.6.8-16sarge3)
 2.4.27-sarge-security: pending (2.4.27-10sarge3)
 2.4.27:
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A



More information about the Kernel-svn-changes mailing list