On Thu, Jun 20, 2013 at 11:20:31AM +0200, Florian Westphal wrote:
> Phil Oester <kernel@xxxxxxxxxxxx> wrote:
> > In commit 4cdd3408 ("netfilter: nf_conntrack_ipv6: improve fragmentation
> > handling"), an sk_buff leak was introduced when dealing with reassembled
> > packets by grabbing a reference to the original skb instead of the
> > reassembled skb. At this point, the leak only impacted conntracks with an
> > associated helper.
>
> David, could you please apply this patch directly in case Pablo doesn't
> apply it first? This fixes a remote DoS, so it better hit -stable ASAP.
I'll take care of it.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
