** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1898742
Title:
Linux Kernel "ppp_cp_parse_cr()" Denial of Service Vulnerability
Status in linux package in Ubuntu:
Confirmed
Bug description:
Dear Launchpad Ubuntu Team,
An error related to the "ppp_cp_parse_cr()" function (hdlc_ppp.c) can
be exploited to trigger an infinite loop or an out-of-bounds read
memory access via a specially crafted packet.
The vulnerability is reported in versions 5.4.x prior to 5.4.68,
4.19.x prior to 4.19.148, 4.14.x prior to 4.14.200, 4.9.x prior to
4.9.238, and 4.4.x prior to 4.4.238.
The following software is affected by the described vulnerability:
Linux Kernel 4.14.x
Linux Kernel 4.19.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 5.4.x
References
1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.12
2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.68
3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148
4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.200
5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.238
6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.238
7.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
The issue affects Ubuntu 16 LTS.
Please provide an update.
Best regards,
it0001
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898742/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
