Comment 0 for bug 1648662

The yakkety master-next tree tagged Ubuntu-4.8.0-31.33 contains git commit 13119e8d911cd268a57012717874f8ab0f42c252 (upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d41ce29e3b91ef305f88d23f72b3359de329cec ). This is considered to have introduced CVE-2016-9919 (see http://www.openwall.com/lists/oss-security/2016/12/08/16 ), a remote denial of service for hosts that use ipv6.

Upstream commit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 addresses the issue.

Since the issue only affects the yakkety-proposed kernel, we should not release this kernel with this vulnerability intact.