Description of problem: Reported by Ang Way Chuang, Mauro Carvalho informed Red Hat about a security issue in the ULE decapsulation code. ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation has a bug that causes endless loop when Payload Pointer of MPEG2-TS frame is 182 or 183. Anyone who sends malicious MPEG2-TS frame will cause the receiver of ULE SNDU to go into endless loop. Acknowledgements: Red Hat would like to thank Ang Way Chuang for reporting this issue.
Upstream commit: http://git.kernel.org/linus/29e1fa3565a7951cc415c634eb2b78dbdbee151d
Note: for 2.6.33.1 this is 656bb504522676d4a9ebf218c37f7eb966e534ab
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0394 https://rhn.redhat.com/errata/RHSA-2010-0394.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0398 https://rhn.redhat.com/errata/RHSA-2010-0398.html
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2010:0631 https://rhn.redhat.com/errata/RHSA-2010-0631.html