Bug#571634: correct link to patch, another tangled issue in current stable

2011-06-09 Thread Josip Rodin
retitle 571634 xen-utils-common vif-common.sh still using --physdev-out, --state
found 571634 4.0.0-1
thanks

Hi,

That link to upstream patch in the last message is apparently broken,
a working one is:

http://xenbits.xen.org/hg/xen-unstable.hg/rev/b0fe8260cefa

but also more importantly for the current stable package:

http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/af7110f4f803

Because the state module is activated, conntrack kicks in, and eventually
a high amount of traffic will cause the following to happen on dom0:

Jun  9 09:24:45 crux kernel: [27998.532343] nf_conntrack: table full, dropping packet.
Jun  9 09:24:54 crux kernel: [28007.820634] nf_conntrack: table full, dropping packet.
Jun  9 09:24:54 crux kernel: [28007.820651] nf_conntrack: table full, dropping packet.

That could almost qualify as an excessive susceptibility to DoS, i.e. a security
issue.

Please fix both bugs in stable. TIA.

-- 
 2. That which causes joy or happiness.






Bug#571634: correct link to patch, another tangled issue in current stable

2011-06-09 Thread Josip Rodin
severity 571634 serious
thanks

On Thu, Jun 09, 2011 at 11:18:30AM +0200, Josip Rodin wrote:
> retitle 571634 xen-utils-common vif-common.sh still using --physdev-out, --state
> found 571634 4.0.0-1
> thanks
>
> Hi,
>
> That link to upstream patch in the last message is apparently broken,
> a working one is:
>
> http://xenbits.xen.org/hg/xen-unstable.hg/rev/b0fe8260cefa
>
> but also more importantly for the current stable package:
>
> http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/af7110f4f803
>
> Because the state module is activated, conntrack kicks in, and eventually
> a high amount of traffic will cause the following to happen on dom0:
>
> Jun  9 09:24:45 crux kernel: [27998.532343] nf_conntrack: table full, dropping packet.
> Jun  9 09:24:54 crux kernel: [28007.820634] nf_conntrack: table full, dropping packet.
> Jun  9 09:24:54 crux kernel: [28007.820651] nf_conntrack: table full, dropping packet.
>
> That could almost qualify as an excessive susceptibility to DoS, i.e. a security
> issue.
>
> Please fix both bugs in stable. TIA.

In fact an analogous issue in libvirt was treated by others
as a security issue:
http://wiki.libvirt.org/page/Networking#Creating_network_initscripts
links to
https://bugzilla.redhat.com/show_bug.cgi?id=512206

It really should be fixed.

-- 
 2. That which causes joy or happiness.
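
For spotting the symptom reported in this thread in a dom0's syslog, the following is an added example, not code from the thread or from the Xen packages. It groups the `nf_conntrack: table full` kernel messages into bursts per host by kernel uptime stamp; the function name, the `max_gap` threshold and the sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict

# Syslog shape quoted in the report: "<date> <host> kernel: [<uptime>] nf_conntrack: ..."
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+kernel:\s+"
    r"\[\s*(?P<uptime>\d+\.\d+)\]\s+nf_conntrack: table full, dropping packet"
)

def conntrack_drop_bursts(lines, max_gap=30.0):
    """Group 'table full' events per host into bursts.

    Events whose kernel uptime stamps are at most max_gap seconds apart
    belong to one burst. Returns {host: [(start, end, count), ...]}.
    """
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events[m.group("host")].append(float(m.group("uptime")))
    bursts = {}
    for host, stamps in events.items():
        stamps.sort()
        host_bursts = []
        start = prev = stamps[0]
        count = 1
        for ts in stamps[1:]:
            if ts - prev > max_gap:
                # Quiet period exceeded: close the current burst, open a new one.
                host_bursts.append((start, prev, count))
                start, count = ts, 0
            prev = ts
            count += 1
        host_bursts.append((start, prev, count))
        bursts[host] = host_bursts
    return bursts

# First three lines are from the report; the last two are constructed for contrast.
SAMPLE_LOG = [
    "Jun  9 09:24:45 crux kernel: [27998.532343] nf_conntrack: table full, dropping packet.",
    "Jun  9 09:24:54 crux kernel: [28007.820634] nf_conntrack: table full, dropping packet.",
    "Jun  9 09:24:54 crux kernel: [28007.820651] nf_conntrack: table full, dropping packet.",
    "Jun  9 09:30:01 crux kernel: [28314.100000] nf_conntrack: table full, dropping packet.",
    "Jun  9 09:30:02 crux kernel: [28315.000000] device vif1.0 entered promiscuous mode",
]

if __name__ == "__main__":
    for host, host_bursts in conntrack_drop_bursts(SAMPLE_LOG).items():
        for start, end, count in host_bursts:
            print(f"{host}: {count} drop messages, uptime {start:.0f}s to {end:.0f}s")
```

The kernel rate-limits this message, so the per-burst count is a lower bound on the number of packets actually dropped.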


