kernel-packages team mailing list archive

Thread
Date

[Bug 806374] Re: CVE-2010-4165

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Thu, 12 Feb 2015 07:12:39 -0000
Reply-to: Bug 806374 <806374@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/806374

Title:
  CVE-2010-4165

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Hardy:
  Fix Released

Bug description:
  The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before
  2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which
  allows local users to cause a denial of service (OOPS) via a setsockopt
  call that specifies a small value, leading to a divide-by-zero error or
  incorrect use of a signed integer.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/806374/+subscriptions