retired/CVE-2023-42754


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description: ipv4: fix null-deref in ipv4_link_failure
References:
 https://www.openwall.com/lists/oss-security/2023/10/02/8
Notes:
 carnil> Commit fixes ed0de45a1008 ("ipv4: recompile ip options in
 carnil> ipv4_link_failure") in 5.1-rc6, but which got backported so
 carnil> several stable series.
 carnil> For 6.5.y fixed as well in 6.5.6.
Bugs:
upstream: released (6.6-rc3) [0113d9c9d1ccc07f5a3710dac4aa24b6d711278c]
6.1-upstream-stable: released (6.1.56) [2712545e535d7a2e4c53b9c9658a9c88c6055862]
5.10-upstream-stable: released (5.10.198) [8689c9ace976d6c078e6dc844b09598796e84099]
4.19-upstream-stable: released (4.19.296) [a2cf7bd75b3992e8df68dd5fdc6499b67d45f6e0]
sid: released (6.5.6-1)
6.1-bookworm-security: released (6.1.55-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
5.10-bullseye-security: released (5.10.197-1) [bugfix/all/ipv4-fix-null-deref-in-ipv4_link_failure.patch]
4.19-buster-security: released (4.19.304-1)