** Description changed: - [linux kernel net_get_random_once bug] + The net_get_random_once implementation in net/core/utils.c in the Linux + kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does + not perform the intended slow-path operation to initialize random seeds, + which makes it easier for remote attackers to spoof or disrupt IP + communication by leveraging the predictability of TCP sequence numbers, + TCP and UDP port numbers, and IP ID values. Break-Fix: a48e42920ff38bc90bbf75143fff4555723d4540 3d4405226d27b3a215e4d03cfa51f536244e5de7
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1377339 Title: CVE-2014-7284 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377339/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
