It was found that Linux kernel's sctp stack is prone to remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. Upstream commmit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1155751]
Statement: This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.
kernel-3.16.6-202.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.17.2-300.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.14.23-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1997 https://rhn.redhat.com/errata/RHSA-2014-1997.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Via RHSA-2015:0043 https://rhn.redhat.com/errata/RHSA-2015-0043.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0062 https://rhn.redhat.com/errata/RHSA-2015-0062.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Via RHSA-2015:0115 https://rhn.redhat.com/errata/RHSA-2015-0115.html