Incorrect buffer length handling was found in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel, which could be exploited by malicious NCPFS servers to crash the kernel or possibly execute an arbitrary code.
A suggested fix:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1558698]
NCPFS is not enabled in Fedora any longer it is scheduled for removal from the upstream kernel.
See upstream commita 1bb8155080c6 and 5d8515bc2321:
The networking IPX and the ncpfs filesystem are moved into the staging
tree, as they are on their way out of the kernel due to lack of use