blob: a9a98b89861b8b919a8ae426d53889430da6b212 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
Candidate: CVE-2010-3432
Description:
sctp_packet_config() is called when getting the packet ready for appending of
chunks. The function should not touch the current state, since it's possible
to ping-pong between two transports when sending, and that can result packet
corruption followed by skb overlfow crash.
References:
Notes:
Bugs:
upstream: released (2.6.36-rc5) [4bdab43323b459900578b200a4b8cf9713ac8fab]
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/sctp-do-not-reset-the-packet-during-sctp_packet_config.patch]
2.6.32-squeeze-security: released (2.6.32-24)
|
