This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:
apport-collect 1687107
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1687107
Title:
CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
From CVE description:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html
"The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation,
which allows local users to cause a denial of service (system crash) via a
crafted application that makes sendto system calls, related to
net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
[Test Case]
See references in the CVE page.
[Regression Potential]
This modifies the code that handles all tcp packets, so it could cause
problems with network traffic, although unlikely since it's been applied
upstream and to various stable kernels (but not the 3.13.y stable branch).
[Other Info]
The patch appears to have been pulled into xenial through the 4.4.y stable
tree, but it doesn't appear that the patch will be applied to the 3.13.y stable
tree, so this bug is track manually adding the patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1687107/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
