| 1 | = CVE-2016-10229: Linux kernel, UDP and use of MSG_PEEK = |
| 2 | |
| 3 | Systems running '''only''' an OpenVPN instance listening on a UDP port should not be impacted by this CVE. OpenVPN does not make use of the MSG_PEEK feature when processing packets from a remote system. |
| 4 | |
| 5 | = References = |
| 6 | * http://www.securityfocus.com/bid/97397 |
| 7 | * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 |
| 8 | |
| 9 | == Distribution notes == |
| 10 | * Red Hat Enterprise Linux: https://access.redhat.com/solutions/3001781 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-10229 |
| 11 | * SUSE Enterprise Linux: https://www.suse.com/security/cve/CVE-2016-10229/ |
| 12 | * Debian: https://security-tracker.debian.org/tracker/CVE-2016-10229 |
| 13 | * Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10229.html |
| 14 | * Arch: https://security.archlinux.org/CVE-2016-10229 |
| 15 | * Android: https://source.android.com/security/bulletin/2017-04-01 |