CVE-2017-6074

Bug #1665935 reported by Steve Beattie on 2017-02-18
Affects: linux (Ubuntu)
Status: Fix Released
Importance: Critical
Assigned to: Unassigned

Bug Description

Patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4

Kernels affected: all of them :(

MITIGATION:
Disable autoloading of the DCCP IPv4 and IPv6 modules by creating /etc/modprobe.d/blacklist-dccp.conf with the following contents:

  alias net-pf-2-proto-0-type-6 off
  alias net-pf-2-proto-33-type-6 off
  alias net-pf-10-proto-0-type-6 off
  alias net-pf-10-proto-33-type-6 off
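
The four alias names above are not arbitrary: when userspace calls socket() with a type for which no handler is registered, the kernel's inet_create()/inet6_create() call request_module("net-pf-%d-proto-%d-type-%d", family, protocol, type), with PF_INET = 2, PF_INET6 = 10, IPPROTO_DCCP = 33 and SOCK_DCCP = 6. Protocol 0 (let the kernel choose) and 33 (explicit) both have to be covered, which is why there are two entries per address family. The following script is an added example, not part of this report or of Ubuntu's tooling: it derives those names, checks that a modprobe.d fragment sets every one of them to off, and (on Linux) probes whether a DCCP socket can still be opened. The sample config fragments it contains are constructed for the example.

```python
"""Verify the DCCP module-autoload blacklist used to mitigate CVE-2017-6074.

Added example, not part of the Launchpad report. It derives the module
aliases the kernel requests for DCCP sockets, checks a modprobe.d fragment
covers all of them, and probes whether a DCCP socket can be created here.
"""
import errno
import socket

# Values from <linux/socket.h> and <linux/in.h>; the kernel formats them into
# request_module("net-pf-%d-proto-%d-type-%d", family, protocol, type).
PF_INET, PF_INET6 = 2, 10
IPPROTO_DCCP = 33
SOCK_DCCP = 6


def dccp_aliases():
    """Return the module aliases the kernel requests for DCCP sockets.

    Userspace may pass protocol 0 (kernel picks) or IPPROTO_DCCP explicitly,
    so both must be disabled for each address family.
    """
    return [
        "net-pf-%d-proto-%d-type-%d" % (family, proto, SOCK_DCCP)
        for family in (PF_INET, PF_INET6)
        for proto in (0, IPPROTO_DCCP)
    ]


def parse_modprobe_conf(text):
    """Parse 'alias NAME TARGET' lines from modprobe.d content.

    Returns {alias_name: target}. Comments and other directives are ignored.
    """
    aliases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 3 and parts[0] == "alias":
            aliases[parts[1]] = parts[2]
    return aliases


def missing_dccp_aliases(conf_text):
    """Return the DCCP aliases that are not set to 'off' in conf_text."""
    aliases = parse_modprobe_conf(conf_text)
    return [a for a in dccp_aliases() if aliases.get(a) != "off"]


def probe_dccp_socket(family=socket.AF_INET):
    """Try to open a DCCP socket; return 'available', 'unavailable' or 'unknown'.

    With the blacklist in place and dccp not already loaded, the kernel finds
    no SOCK_DCCP handler, its request_module() call resolves to the 'off'
    alias, and socket() fails with ESOCKTNOSUPPORT. Success means the module
    is loaded (or was just autoloaded, i.e. the mitigation is not effective).
    """
    # errno names are platform dependent; fall back to the Linux values.
    no_support = (
        getattr(errno, "ESOCKTNOSUPPORT", 94),
        getattr(errno, "EPROTONOSUPPORT", 93),
    )
    try:
        s = socket.socket(family, SOCK_DCCP, IPPROTO_DCCP)
    except OSError as e:
        if e.errno in no_support:
            return "unavailable"
        return "unknown"  # e.g. EPERM from a seccomp or container policy
    s.close()
    return "available"


# Constructed samples: the fragment the report recommends, and a partial
# one that forgets the IPv6 entries.
FULL_CONF = """\
# /etc/modprobe.d/blacklist-dccp.conf
alias net-pf-2-proto-0-type-6 off
alias net-pf-2-proto-33-type-6 off
alias net-pf-10-proto-0-type-6 off
alias net-pf-10-proto-33-type-6 off
"""
PARTIAL_CONF = """\
alias net-pf-2-proto-0-type-6 off
alias net-pf-2-proto-33-type-6 off
"""

if __name__ == "__main__":
    print("required aliases:", dccp_aliases())
    print("full conf, missing:", missing_dccp_aliases(FULL_CONF))
    print("partial conf, missing:", missing_dccp_aliases(PARTIAL_CONF))
    print("DCCP socket on this host:", probe_dccp_socket())
```

Two caveats when using this: the alias entries only stop the socket() path from autoloading the module, so if dccp is already loaded the probe keeps reporting "available" until the module is unloaded or the machine is rebooted, and nothing stops root from loading it explicitly with modprobe. The probe returning "unknown" means the sandbox or platform refused the socket() call for a reason unrelated to DCCP, so it says nothing about the mitigation.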

Steve Beattie (sbeattie) on 2017-02-18
description: updated
summary: - Placeholder
+ CVE-2017-6074
Changed in linux (Ubuntu):
importance: Undecided → Critical
Steve Beattie (sbeattie) on 2017-02-18
description: updated
Steve Beattie (sbeattie) wrote :

The DCCP bits in the kernel seem to be poorly maintained and should probably be added to the rarely used network protocols blacklist.

description: updated
Steve Beattie (sbeattie) on 2017-02-20
description: updated
description: updated
Andy Whitcroft (apw) on 2017-02-21
Changed in linux (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.8.0-39.42

---------------
linux (4.8.0-39.42) yakkety; urgency=low

  * CVE-2017-6074 (LP: #1665935)
    - dccp: fix freeing skb too early for IPV6_RECVPKTINFO

 -- Stefan Bader <email address hidden> Mon, 20 Feb 2017 09:30:56 +0100

Changed in linux (Ubuntu):
status: Confirmed → Fix Released

The verification of the Stable Release Update for linux-snapdragon has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Steve Beattie (sbeattie) on 2018-06-06
information type: Private Security → Public Security