2013-12-17
ALT-BU-2013-1446-1
Branch p7 update bulletin.
Package kernel-image-std-def updated to version 3.10.24-alt1 for branch p7 in task 110573.
Closed vulnerabilities
Published: 2013-11-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-4563
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
Severity: HIGH (7.1)
References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e
- openSUSE-SU-2014:0205
- openSUSE-SU-2014:0205
- [oss-security] 20131113 CVE-2013-4563 -- Linux kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic
- [oss-security] 20131113 CVE-2013-4563 -- Linux kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic
- USN-2113-1
- USN-2113-1
- USN-2117-1
- USN-2117-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1030015
- https://bugzilla.redhat.com/show_bug.cgi?id=1030015
- https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e
- https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e