** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5696

** Changed in: linux-lts-trusty (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux-lts-trusty (Ubuntu)
       Status: New => Fix Committed

** Description changed:

  Description

  net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

  Ubuntu-Description

  Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream.

  References

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
  https://www.mail-archive.com/netdev@vger.kernel.org/msg118677.html
  http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
  https://lwn.net/Articles/696868/
+ https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-lts-trusty in Ubuntu.
https://bugs.launchpad.net/bugs/1615835

Title:
  CVE-2016-5696

Status in linux-lts-trusty package in Ubuntu:
  Fix Committed

Bug description:
  Description

  net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.

  Ubuntu-Description

  Yue Cao et al discovered a flaw in the TCP implementation's handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream.

  References

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
  https://www.mail-archive.com/netdev@vger.kernel.org/msg118677.html
  http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
  https://lwn.net/Articles/696868/
  https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5696.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1615835/+subscriptions