[USN-1661-1] Linux kernel vulnerability

Bahn, Nathan nathan.bahn at gmail.com
Tue Dec 11 18:37:01 UTC 2012


On Tue, Dec 11, 2012 at 12:38 PM, Kristian Erik Hermansen
<kristian.hermansen at gmail.com> wrote:
> OK. This may be a dumb question, but I thought IPv6 did away with
> fragmentation precisely to prevent such security issues. What happened here?
>
> On Dec 10, 2012 8:53 PM, "John Johansen" <john.johansen at canonical.com>
> wrote:
>>
>> ==========================================================================
>> Ubuntu Security Notice USN-1661-1
>> December 11, 2012
>>
>> linux vulnerability
>> ==========================================================================
>>
>> A security issue affects these releases of Ubuntu and its derivatives:
>>
>> - Ubuntu 10.04 LTS
>>
>> Summary:
>>
>> The system's firewall could be bypassed by a remote attacker.
>>
>> Software Description:
>> - linux: Linux kernel
>>
>> Details:
>>
>> Zhang Zuotao discovered a bug in the Linux kernel's handling of
>> overlapping fragments in IPv6. A remote attacker could exploit this flaw
>> to bypass firewalls and initiate new network connections that should have
>> been blocked by the firewall.
>>
>> Update instructions:
>>
>> The problem can be corrected by updating your system to the following
>> package versions:
>>
>> Ubuntu 10.04 LTS:
>>   linux-image-2.6.32-45-386       2.6.32-45.101
>>   linux-image-2.6.32-45-generic   2.6.32-45.101
>>   linux-image-2.6.32-45-generic-pae  2.6.32-45.101
>>   linux-image-2.6.32-45-ia64      2.6.32-45.101
>>   linux-image-2.6.32-45-lpia      2.6.32-45.101
>>   linux-image-2.6.32-45-powerpc   2.6.32-45.101
>>   linux-image-2.6.32-45-powerpc-smp  2.6.32-45.101
>>   linux-image-2.6.32-45-powerpc64-smp  2.6.32-45.101
>>   linux-image-2.6.32-45-preempt   2.6.32-45.101
>>   linux-image-2.6.32-45-server    2.6.32-45.101
>>   linux-image-2.6.32-45-sparc64   2.6.32-45.101
>>   linux-image-2.6.32-45-sparc64-smp  2.6.32-45.101
>>   linux-image-2.6.32-45-versatile  2.6.32-45.101
>>   linux-image-2.6.32-45-virtual   2.6.32-45.101
>>
>> After a standard system update you need to reboot your computer to make
>> all the necessary changes.
>>
>> References:
>>   http://www.ubuntu.com/usn/usn-1661-1
>>   CVE-2012-4444
>>
>> Package Information:
>>   https://launchpad.net/ubuntu/+source/linux/2.6.32-45.101



K.E.H.--
There is no such thing as a dumb question; unfortunately I am unable
to answer your question.  I am sorry.
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html ,
http://www.libreoffice.org/ &
http://www.fsf.org/campaigns/opendocument (Nathan Bahn)
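
The overlap condition named in the advisory, as an added example that is not part of this thread and is not the kernel's code: it parses IPv6 Fragment extension headers and reports whether two fragments of one datagram cover the same bytes, the case RFC 5722 tells a reassembler to answer by discarding the whole datagram. The sample headers, the names `parse_frag` and `has_overlap`, and the 16-fragment limit are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* One fragment, read from the 8-byte IPv6 Fragment extension header. */
struct frag { uint32_t id, start, len; int more; };

/* Parse a Fragment header; data_len is the fragment data that follows it. */
int parse_frag(const uint8_t *h, size_t hlen, uint32_t data_len, struct frag *out)
{
    if (hlen < 8) return -1;
    uint16_t off_flags = (uint16_t)((h[2] << 8) | h[3]);
    out->start = (uint32_t)(off_flags >> 3) * 8;  /* 13-bit offset, 8-byte units */
    out->more  = off_flags & 1;                   /* M flag */
    out->id    = ((uint32_t)h[4] << 24) | ((uint32_t)h[5] << 16) |
                 ((uint32_t)h[6] << 8) | h[7];
    out->len   = data_len;
    return 0;
}

/* 1 if two fragments with the same id cover a common byte (exact duplicates
 * included), 0 if none do, -1 on bad input. On 1, drop the whole datagram. */
int has_overlap(const uint8_t hdrs[][8], const uint32_t *lens, size_t n)
{
    struct frag f[16];   /* illustrative limit, an assumption of this example */
    if (n > 16) return -1;
    for (size_t i = 0; i < n; i++)
        if (parse_frag(hdrs[i], 8, lens[i], &f[i]) != 0) return -1;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (f[i].id == f[j].id && f[i].start < f[j].start + f[j].len &&
                f[j].start < f[i].start + f[i].len)
                return 1;
    return 0;
}
/* Constructed samples: next header 6 (TCP), id 0x1234, 16 data bytes each. */
static const uint32_t LENS[2] = {16, 16};
static const uint8_t CLEAN[2][8] = {
    {6, 0, 0x00, 0x01, 0, 0, 0x12, 0x34},  /* offset 0, M=1: bytes 0..15 */
    {6, 0, 0x00, 0x10, 0, 0, 0x12, 0x34},  /* offset 16, M=0: bytes 16..31 */
};
static const uint8_t OVERLAP[2][8] = {
    {6, 0, 0x00, 0x01, 0, 0, 0x12, 0x34},  /* offset 0, M=1: bytes 0..15 */
    {6, 0, 0x00, 0x08, 0, 0, 0x12, 0x34},  /* offset 8, M=0: covers 8..15 again */
};
int main(void)
{
    printf("clean=%d overlap=%d\n", has_overlap(CLEAN, LENS, 2), has_overlap(OVERLAP, LENS, 2));
    return 0;
}
```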