
Bug#643817: Fix for CVE-2011-2699 can result in crash in VM hosts



Package: linux-2.6
Version: 2.6.32-36
Severity: serious
Tags: security patch

VM guests using the virtio_net driver may take advantage of UFO (UDP
fragmentation offload) which results in the VM host performing
fragmentation.  As discussed in
<http://thread.gmane.org/gmane.linux.kernel/1196272>, the new IPv6
fragment ID generator will crash in this case because the expected
routing context is missing.

No fix is yet available, so we should revert the original fix and
sort this out properly later.

Ben.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


