Release date:
Updated on:
Affected Systems:
Debian Linux 5.0 x
Linux kernel 2.6.x
OpenVZ Project OpenVZ 028stab089. 1
OpenVZ Project OpenVZ 028stab085. 2
OpenVZ Project OpenVZ 028stab081. 1
Unaffected system:
OpenVZ Project OpenVZ 028stab091. 1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46793
Cve id: CVE-2011-1093
Linux Kernel is the Kernel of the Linux operating system.
Linux Kernel has a remote denial of service vulnerability in the implementation of NULL pointer reference. Remote attackers can exploit this vulnerability to cause the affected Kernel to crash.
Dccp_rcv_state_process () is acceptable after the socket is closed. After it is disabled, the reset does not prevent operations on the discarded socket, which can cause NULL pointer reference.
<* Source: Gerrit Renker
Link: http://git.kernel.org /? P = linux/kernel/git/torvalds/linux-2.6.git; a = commitdiff; h = 720dc34bbbe9493c7bd48b2243058b4e447a929d
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/