** Description changed: - xfrm_user: null ptr deref + The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux + kernel before 3.5.7 does not properly handle error conditions in + dump_one_state function calls, which allows local users to gain + privileges or cause a denial of service (NULL pointer dereference and + system crash) by leveraging the CAP_NET_ADMIN capability. Break-Fix: - 864745d291b5ba80ea0bd0edcbe67273de368836
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1155026 Title: CVE-2013-1826 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1155026/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
