** Changed in: linux (Ubuntu Utopic)
Status: New => Fix Committed
** Description changed:
- net: SCTP: NULL pointer dereference
+ The sctp_assoc_update function in net/sctp/associola.c in the Linux
+ kernel through 3.15.8, when SCTP authentication is enabled, allows
+ remote attackers to cause a denial of service (NULL pointer dereference
+ and OOPS) by starting to establish an association between two endpoints
+ immediately after an exchange of INIT and INIT ACK chunks to establish
+ an earlier association between these endpoints in the opposite
+ direction.
Break-Fix: - 1be9a950c646c9092fb3618197f7b6bfb50e82aa
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1349804
Title:
CVE-2014-5077
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349804/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
