Date: Sun, 02 Nov 2014 12:57:45 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue Debian has assigned CVE-2014-7207 to the following issue: Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash). This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first. The bug report with a few more details is here: <https://bugs.debian.org/766195> We believe this is specific to Debian's Linux 3.2-based backport series.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ