Hide Forgot
IPv6 fragment identification generation is way beyond what we use for IPv4 : It uses a single generator. Its not scalable and allows DOS attacks. Now inetpeer is IPv6 aware, we can use it to provide a more secure and scalable frag ident generator (per destination, instead of system wide) This patch : 1) defines a new secure_ipv6_id() helper 2) extends inet_getid() to provide 32bit results 3) extends ipv6_select_ident() with a new dest parameter http://thread.gmane.org/gmane.linux.network/201773 Acknowledgements: Red Hat would like to thank Fernando Gont for reporting this issue.
Statement: This issue did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the fix that addresses this issue. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1465.html.
Upstream commit: http://git.kernel.org/linus/87c48fa3b4630905f98268dde838ee43626a060c
(In reply to comment #9) > Upstream commit: > http://git.kernel.org/linus/87c48fa3b4630905f98268dde838ee43626a060c I believe this is the one we want to backport; http://permalink.gmane.org/gmane.linux.kernel.stable/16086
http://git.kernel.org/?p=linux/kernel/git/stable/linux-3.0.y.git;a=commitdiff;h=ef81bb40bf15f350fe865f31fa42f1082772a576
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:1386 https://rhn.redhat.com/errata/RHSA-2011-1386.html
Created kernel tracking bugs for this issue Affects: fedora-all [bug 748667]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1465 https://rhn.redhat.com/errata/RHSA-2011-1465.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5.6 EUS - Server Only Via RHSA-2012:0358 https://rhn.redhat.com/errata/RHSA-2012-0358.html