Public bug reported:

[Impact]

From CVE description:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8645.html

"The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation,
which allows local users to cause a denial of service (system crash) via a
crafted application that makes sendto system calls, related to
net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."

[Test Case]
See references in the CVE page.

[Regression Potential]
This modifies the code that handles all tcp packets, so it could cause problems 
with network traffic, although unlikely since it's been applied upstream and to 
various stable kernels (but not the 3.13.y stable branch).

[Other Info]
The patch appears to have been pulled into xenial through the 4.4.y stable
tree, but it doesn't appear that the patch will be applied to the 3.13.y stable
tree, so this bug is to track manually adding the patch.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1687107

Title:
  CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1687107/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
