[USN-1661-1] Linux kernel vulnerability

Kristian Erik Hermansen kristian.hermansen at gmail.com
Tue Dec 11 17:38:55 UTC 2012


OK. This may be a dumb question, but I thought IPv6 did away with
fragmentation precisely to prevent such security issues. What happened here?

On Dec 10, 2012 8:53 PM, "John Johansen" <john.johansen at canonical.com> wrote:

> ==========================================================================
> Ubuntu Security Notice USN-1661-1
> December 11, 2012
>
> linux vulnerability
> ==========================================================================
>
> A security issue affects these releases of Ubuntu and its derivatives:
>
> - Ubuntu 10.04 LTS
>
> Summary:
>
> The system's firewall could be bypassed by a remote attacker.
>
> Software Description:
> - linux: Linux kernel
>
> Details:
>
> Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping
> fragments in ipv6. A remote attacker could exploit this flaw to bypass
> firewalls and initiate new network connections that should have been blocked
> by the firewall.
>
> Update instructions:
>
> The problem can be corrected by updating your system to the following
> package versions:
>
> Ubuntu 10.04 LTS:
>   linux-image-2.6.32-45-386       2.6.32-45.101
>   linux-image-2.6.32-45-generic   2.6.32-45.101
>   linux-image-2.6.32-45-generic-pae  2.6.32-45.101
>   linux-image-2.6.32-45-ia64      2.6.32-45.101
>   linux-image-2.6.32-45-lpia      2.6.32-45.101
>   linux-image-2.6.32-45-powerpc   2.6.32-45.101
>   linux-image-2.6.32-45-powerpc-smp  2.6.32-45.101
>   linux-image-2.6.32-45-powerpc64-smp  2.6.32-45.101
>   linux-image-2.6.32-45-preempt   2.6.32-45.101
>   linux-image-2.6.32-45-server    2.6.32-45.101
>   linux-image-2.6.32-45-sparc64   2.6.32-45.101
>   linux-image-2.6.32-45-sparc64-smp  2.6.32-45.101
>   linux-image-2.6.32-45-versatile  2.6.32-45.101
>   linux-image-2.6.32-45-virtual   2.6.32-45.101
>
> After a standard system update you need to reboot your computer to make
> all the necessary changes.
>
> References:
>   http://www.ubuntu.com/usn/usn-1661-1
>   CVE-2012-4444
>
> Package Information:
>   https://launchpad.net/ubuntu/+source/linux/2.6.32-45.101
>
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
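
Background for the "overlapping fragments" named in the quoted advisory: IPv6 removed fragmentation by routers, but sending hosts still fragment using the Fragment extension header, and RFC 5722 requires a receiver to discard a datagram whose fragments overlap. The following is an added example, not part of the original message or of the kernel fix, showing that check over fragment metadata. The function names, addresses (documentation prefix 2001:db8::/32) and sample values are constructed for illustration.

```python
import struct
from collections import defaultdict

def make_header(offset_bytes, more, ident, next_header=6):
    """Build an 8-byte IPv6 Fragment header (constructed test input only)."""
    off_flags = ((offset_bytes // 8) << 3) | int(more)
    return struct.pack("!BBHI", next_header, 0, off_flags, ident)

def parse_fragment_header(hdr):
    """Decode a Fragment header into (offset_bytes, more_fragments, ident)."""
    if len(hdr) < 8:
        raise ValueError("truncated Fragment header")
    _next, _reserved, off_flags, ident = struct.unpack("!BBHI", hdr[:8])
    # Upper 13 bits: offset in 8-byte units; lowest bit: M (more fragments).
    return (off_flags >> 3) * 8, bool(off_flags & 1), ident

def find_overlaps(fragments):
    """fragments: iterable of (src, dst, header_bytes, payload_len).

    Returns the set of (src, dst, ident) reassembly keys in which any two
    fragments cover the same byte range. Exact duplicates are reported too.
    """
    seen = defaultdict(list)   # key -> list of (start, end) byte ranges
    flagged = set()
    for src, dst, hdr, length in fragments:
        start, _more, ident = parse_fragment_header(hdr)
        end = start + length
        key = (src, dst, ident)
        if any(start < e and s < end for s, e in seen[key]):
            flagged.add(key)
        seen[key].append((start, end))
    return flagged

# Constructed sample: the first datagram is cleanly fragmented (0-16, 16-24),
# the second has two fragments that both claim bytes 8-24.
SAMPLE = [
    ("2001:db8::1", "2001:db8::2", make_header(0, True, 0x1111), 16),
    ("2001:db8::1", "2001:db8::2", make_header(16, False, 0x1111), 8),
    ("2001:db8::9", "2001:db8::2", make_header(0, True, 0x2222), 24),
    ("2001:db8::9", "2001:db8::2", make_header(8, False, 0x2222), 24),
]

if __name__ == "__main__":
    for src, dst, ident in sorted(find_overlaps(SAMPLE)):
        print(f"overlap: {src} -> {dst} id=0x{ident:08x} (discard datagram)")
```
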