← Back to team overview

kernel-packages team mailing list archive

[Bug 1349804] Re: CVE-2014-5077

 

** Changed in: linux (Ubuntu Utopic)
       Status: New => Fix Committed

** Description changed:

- net: SCTP: NULL pointer dereference
+ The sctp_assoc_update function in net/sctp/associola.c in the Linux
+ kernel through 3.15.8, when SCTP authentication is enabled, allows
+ remote attackers to cause a denial of service (NULL pointer dereference
+ and OOPS) by starting to establish an association between two endpoints
+ immediately after an exchange of INIT and INIT ACK chunks to establish
+ an earlier association between these endpoints in the opposite
+ direction.
  
  Break-Fix: - 1be9a950c646c9092fb3618197f7b6bfb50e82aa

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1349804

Title:
  CVE-2014-5077

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Committed
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  New
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-armadaxp” source package in Precise:
  New
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  New
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  New
Status in “linux” source package in Trusty:
  New
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Committed
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The sctp_assoc_update function in net/sctp/associola.c in the Linux
  kernel through 3.15.8, when SCTP authentication is enabled, allows
  remote attackers to cause a denial of service (NULL pointer
  dereference and OOPS) by starting to establish an association between
  two endpoints immediately after an exchange of INIT and INIT ACK
  chunks to establish an earlier association between these endpoints in
  the opposite direction.

  Break-Fix: - 1be9a950c646c9092fb3618197f7b6bfb50e82aa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349804/+subscriptions


References