CVE-2016-10229: Critical vulnerability in Linux UDP packet processing

This is a bad one. If you are using a Linux kernel version 4.5 or older, this vulnerability allows remote attackers to execute code via UDP traffic.

From the announcement page:

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

From RHEL:

A flaw was found in the Linux kernel which allows remote attackers to crash the system or corrupt kernel memory, possibly leading to arbitrary code execution, via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv system call with the MSG_PEEK flag.

Patch your server/desktop ASAP and stay safe.
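
To triage hosts before patching, the sketch below (an added example, not part of either advisory) compares a kernel release string against the "before 4.5" boundary quoted from the announcement. The function names and sample release strings are constructed for illustration. Distribution kernels can carry a backported fix under an older version number, so a "before 4.5" result means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: triage a kernel release string against the "before 4.5"
# boundary quoted from the CVE-2016-10229 announcement.

# kernel_before_4_5 RELEASE
# Returns 0 if RELEASE's upstream major.minor is lower than 4.5,
# 1 if it is 4.5 or later, 2 if the string cannot be parsed.
kernel_before_4_5() {
    rel=$1
    # Keep only the leading "major.minor"; drop patch level and distro
    # suffix (e.g. "3.10.0-514.el7.x86_64" -> "3.10").
    mm=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p')
    [ -n "$mm" ] || return 2
    major=${mm%%.*}
    minor=${mm#*.}
    # Compare numerically, not as strings: 4.10 is newer than 4.5.
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -lt 5 ]; then return 0; fi
    return 1
}

# report RELEASE: print a one-line triage verdict.
report() {
    rc=0
    kernel_before_4_5 "$1" || rc=$?
    case $rc in
        0) echo "$1: upstream version is before 4.5; check the vendor advisory for a backported fix" ;;
        1) echo "$1: upstream version is 4.5 or later" ;;
        *) echo "$1: unrecognised release string" ;;
    esac
}

# Constructed sample release strings, followed by the running kernel.
for r in 3.10.0-514.el7.x86_64 4.4.0-21-generic 4.5.0 4.10.1 "$(uname -r)"; do
    report "$r"
done
```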