Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem

To: debian-security@lists.debian.org
Subject: Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 4 Apr 2017 08:11:05 +0200
Message-id: <[🔎] 20170404061105.GA16973@lorien.valinor.li>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 14f03ae4-8889-684f-e2ee-e3a82a5a763a@jluehr.de>
References: <[🔎] 14f03ae4-8889-684f-e2ee-e3a82a5a763a@jluehr.de>

Hi

On Tue, Apr 04, 2017 at 12:52:41AM +0200, Jan Lühr wrote:
> Hei folks,
> 
> android recently patched CVE-2016-10229: Remote code execution
> vulnerability in kernel networking subsystem.
> 
> Since https://security-tracker.debian.org/tracker/CVE-2016-10229 is
> rather blank ... does this problem exists in debian, too?

The problem has been fixed in Debian stable already with
3.16.7-ckt20-1+deb8u2. I have updated the tracker. Unfortunately that
is one of the CVE assigned by Android and assigned only later on. I
guess most distributions have the fixes already in their releases
(without CVE references).

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
  - From: Jan Lühr <jan@jluehr.de>

References:
- Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
  - From: Jan Lühr <jan@jluehr.de>

Prev by Date: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
Next by Date: Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
Previous by thread: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
Next by thread: Re: Details on CVE-2016-10229: Remote code execution vulnerability in kernel networking subsystem
Index(es):
- Date
- Thread