Our server will shortly be patched to avoid the following vulnerability. Multiple vulnerabilities have been reported in Linux Kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.
The vulnerabilities are caused due to an error in the "dccp_new()", "dccp_packet()", and "dccp_error()" functions (net/netfilter/nf_conntrack_proto_dccp.c), which can be exploited to corrupt kernel stack memory via specially crafted DCCP packets.
Successful exploitation may allow execution of arbitrary code with kernel privileges.
The vulnerabilities are reported in versions 220.127.116.11, 3.2.55, 3.4.83, 3.10.33, 3.12.14, and 3.13.6.
Fixed in the source code repository.
Provided and/or discovered by:
Reported by the vendor.