Ubuntu Security Notice 3170-2 - Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service. Andrey Konovalov discovered that signed integer overflows existed in the setsockopt system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed. Continue reading...
