** Description changed: - Ryan Sweat discovered that the GRO code did not correctly validate - memory. In some configurations on systems using VLANs, a remote attacker - could send specially crafted traffic to crash the system, leading to a - denial of service. + The napi_reuse_skb function in net/core/dev.c in the Generic Receive + Offload (GRO) implementation in the Linux kernel before 2.6.38 does not + reset the values of certain structure members, which might allow remote + attackers to cause a denial of service (NULL pointer dereference) via a + malformed VLAN frame. Break-Fix: 5d38a079ce3971f932bbdc0dc5b887806fabd5dc 6d152e23ad1a7a5b40fef1f42e017d66e6115159 Break-Fix: 5d38a079ce3971f932bbdc0dc5b887806fabd5dc 66c46d741e2e60f0e8b625b80edb0ab820c46d7a
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/816549 Title: CVE-2011-1478 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/816549/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
