Ubuntu
linux-meta package

[CVE-2007-5501] [linux-source] possible remote DoS via crafted TCP ACK responses

Bug #173851 reported by disabled.user
254
Affects Status Importance Assigned to Milestone
linux-meta (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: linux-source

References:
[1] CVE-2007-5501 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5501)
[2] SUSE-SA:2007:063

Quoting [1]:
"The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference."

CVE References

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed some time ago in:
 http://www.ubuntu.com/usn/usn-574-1
 http://www.ubuntu.com/usn/usn-558-1

Changed in linux-meta:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.