APPLIED: [CVE-2011-1770] dccp: handle invalid feature options length
Tim Gardner
tim.gardner at canonical.com
Fri Jul 8 02:46:39 UTC 2011
On 07/07/2011 04:12 PM, Andy Whitcroft wrote:
> CVE-2011-1770
> Integer underflow in the dccp_parse_options function
> (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows
> remote attackers to cause a denial of service via a Datagram
> Congestion Control Protocol (DCCP) packet with an invalid feature
> options length, which triggers a buffer over-read.
>
> This problem was introduced in v2.6.29-rc1 and therefore does not affect
> hardy. The fix for this has already hit lucid, natty, and oneiric via
> mainline and stable. Following this email is a patch for: lucid/fsl-imx51,
> maverick, maverick/ti-omap4, and natty/ti-omap4; this is a clean
> cherry-pick from the upstream commit.
>
> Proposing for lucid/fsl-imx51, maverick, maverick/ti-omap4, and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list