LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2012-2744 CVE-2012-2745
Created:July 10, 2012 Updated:October 24, 2012
Description: From the Red Hat advisory:

* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. (CVE-2012-2744, Important)

* A flaw was found in the way the Linux kernel's key management facility handled replacement session keyrings on process forks. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2745, Moderate)

Alerts:
Red Hat RHSA-2012:1064-01 2012-07-10
CentOS CESA-2012:1064 2012-07-10
Oracle ELSA-2012-1064 2012-07-11
Ubuntu USN-1507-1 2012-07-16
Oracle ELSA-2012-2025 2012-07-18
Oracle ELSA-2012-2026 2012-07-18
Red Hat RHSA-2012:1114-01 2012-07-24
Scientific Linux SL-kern-20120726 2012-07-26
Red Hat RHSA-2012:1129-01 2012-07-31
Red Hat RHSA-2012:1148-01 2012-08-07
Ubuntu USN-1567-1 2012-09-14
Ubuntu USN-1574-1 2012-09-19
Ubuntu USN-1597-1 2012-10-04
Ubuntu USN-1606-1 2012-10-11
SUSE SUSE-SU-2012:1391-1 2012-10-24
openSUSE openSUSE-SU-2013:0396-1 2013-03-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds