Bug 1415908 (CVE-2016-10142)
Summary: | CVE-2016-10142 kernel - IPV6 fragmentation flaw | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aquini, arm-mgr, bhu, blc, dhoward, fhrbata, gansalmon, hwkernel-mgr, iboverma, ichavero, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, madhu.chinakonda, matt, mchehab, mcressma, mlangsdo, nmurray, pholasek, plougher, rt-maint, rvrbovsk, sardella, vgoyal, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: |
It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement RFC 6946.
|
Last Closed: | 2019-06-08 03:06:02 UTC | Type: | --- |
Bug Depends On: | 1415930, 1415931, 1415932 | ||
Bug Blocks: | 1413640 |
Description
Wade Mealing
2017-01-24 03:57:01 UTC
External References:

https://tools.ietf.org/html/rfc8021
https://bugzilla.novell.com/show_bug.cgi?id=1020078

Statement:

This issue affects the Linux kernel shipping with Red Hat Enterprise Linux 7 and MRG-2 prior to 2.6.32-440. Versions after this release have the solution applied.

This issue also affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6. Future updates for the respective releases may address the issue.

This issue does not not affect Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

*** Bug 1415910 has been marked as a duplicate of this bug. ***

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1415932]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2017:0817 https://rhn.redhat.com/errata/RHSA-2017-0817.html