** Information type changed from Private Security to Public Security
** Changed in: linux (Ubuntu Yakkety)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648662
Title:
Vulnerability picked up from 4.8.10 stable kernel
Status in linux package in Ubuntu:
New
Status in linux source package in Yakkety:
Confirmed
Bug description:
The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git
commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec,
linux-stable commit http://git.kernel.org/cgit/linux/kernel/git/stable
/linux-
stable.git/commit/?h=linux-4.8.y&id=92fd1c1f2fd27a352b91ad1f874775618aa1865a
). This is considered to have introduced CVE-2016-9919 (see
http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote
denial of service for hosts that use ipv6.
Upstream commit
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2
addresses the issue.
Since the issue only affects the yakkety-proposed kernel, we should
not release this kernel with this vulnerability intact.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1648662/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
