APPLIED: [CVE-2011-4087] Multiple remote denial of service in Linux bridge
Tim Gardner
tim.gardner at canonical.com
Tue Nov 22 21:09:57 UTC 2011
On 11/22/2011 01:58 PM, Tim Gardner wrote:
> On 11/21/2011 05:14 AM, Andy Whitcroft wrote:
>> CVE-2011-4087
>> Scot Doyle discovered that the bridge networking interface
>> incorrectly handled certain network packets. A remote attacker
>> could exploit this to crash the system, leading to a denial
>> of service.
>>
>> Fixes for this issue have hit natty and later via mainline and stable.
>> Releases prior to natty are not affected. Following this email is the
>> one remaining patch required for natty/ti-omap4, this is a direct
>> cherry-pick of the upstream backport on natty/master.
>>
>> Proposing for natty/ti-omap4.
>>
>> -apw
>>
>
>
Drat - as soon as I pushed I noticed there is no bug number in your
patch, so I inserted the bug number from the commit on master
(214c889ef231aa3b3c29a8cbda6783ddfc064b47) and repushed, but then
noticed 793702 is a stable update bug. LP keeps timing out when I search
for CVE-2011-4087, so perhaps you could attempt to fix this commit at
your earliest convenience.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list