blob: 290fdf6a634d1f3a4f04506c9842f74b1c0c6833 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: sfc: potential remote denial of service through TCP MSS option
References:
http://www.spinics.net/lists/netdev/msg206292.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3412
Notes:
bwh> Critical changes are commit 30b678d844af3305cda5953467005cebb5d7b687
bwh> and 7e6d06f0de3f74ca929441add094518ae332257c. The following commit
bwh> 7e6d06f0de3f74ca929441add094518ae332257c reduces the performance hit
bwh> for sfc in the extreme case that causes DoS, but it's higher risk and
bwh> I'm not aware of any customer hitting this. There is an alternate
bwh> fix available that only touches the sfc driver, but with a greater
bwh> performance hit again.
Bugs:
upstream: released (3.6-rc2) [30b678d844af3305cda5953467005cebb5d7b687, 7e6d06f0de3f74ca929441add094518ae332257c, 7e6d06f0de3f74ca929441add094518ae332257c]
2.6.32-upstream-stable: ignored
sid: released (3.2.29-1) [bugfix/all/net-allow-driver-to-limit-number-of-gso-segments-per-skb.patch, bugfix/all/sfc-fix-maximum-number-of-tso-segments-and-minimum-tx-queue-size.patch, bugfix/all/tcp-apply-device-tso-segment-limit-earlier.patch]
2.6.32-squeeze-security: released (2.6.32-46) [bugfix/all/sfc-Fix-maximum-number-of-TSO-segments-and-minimum-T.patch]
3.2-wheezy-security: released (3.2.29-1)
3.2-upstream-stable: released (3.2.30) [net-allow-driver-to-limit-number-of-gso-segments-per-skb.patch, sfc-fix-maximum-number-of-tso-segments-and-minimum-tx-queue-size.patch, tcp-apply-device-tso-segment-limit-earlier.patch]
|
