Integer underflow in the dccp_parse_options function
(net/dccp/options.c) in the Linux kernel before 126.96.36.199 allows
remote attackers to cause a denial of service via a Datagram
Congestion Control Protocol (DCCP) packet with an invalid feature
options length, which triggers a buffer over-read.
This problem was introduced in v2.6.29-rc1 and therefore does not affect
hardy. The fix for this has already hit lucid, natty, and oneiric via
mainline and stable. Following this email is a patch for: lucid/fsl-imx51,
maverick, maverick/ti-omap4, and natty/ti-omap4; this is a clean
cherry-pick from the upstream commit.
Proposing for lucid/fsl-imx51, maverick, maverick/ti-omap4, and natty/ti-omap4.
Tim Gardner email@example.com
kernel-team mailing list