Bug 190460
Summary: | CVE-2006-1527 netfilter/sctp: lockup in sctp_new() | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Marcel Holtmann <holtmann> |
Component: | kernel | Assignee: | Thomas Graf <tgraf> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | davem, jbaron, rkhan, security-response-team |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=important,source=lkml,reported=20060502,public=20060502 | ||
Fixed In Version: | RHSA-2006-0493 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-05-24 09:30:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marcel Holtmann
2006-05-02 16:17:08 UTC
hmmm, we only support Red Hat kernels, i suggest following up on lkml. If you can reproduce this on a Red Hat supported kernel, please re-open. I wasn't able to reproduce this on my systems (I don't have a gigabit switch for testing), but this doesn't mean that this issue doesn't exists in Red Hat kernels. Looking at the source for the SCTP conntrack module, it looks similar to the code in the Red Hat kernels based on 2.6.9. ok. sorry. The upstream fix can be found here: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e17df688f7064dae1417ce425dd1e4b71d24d63b committed in stream U4 build 36.1. A test kernel with this patch is available from http://people.redhat.com/~jbaron/rhel4/ An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0493.html |