Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2012-2744

Published: 10 July 2012

net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.

From the Ubuntu Security Team

An error was found in the Linux kernel's IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded.

Notes

AuthorNote
jdstrand 
linux-armadaxp is maintained by OEM
commit is from 2010. Ubuntu 10.04 LTS confirmed as not affected
downgrading to 'medium' (and therefore will follow the standard
kernel cadence update process). This is a 2 year old fix that only affects
Ubuntu 8.04 LTS when using IPv6.
Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		hardy
Released (2.6.24-32.104)
lucid Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable
(3.1.0-1.1)
upstream
Released (2.6.34~rc1)
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2012-1064.html
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 9e2dcf72023d1447f09c47d77c99b0c49659e5ce
linux-armadaxp
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Not vulnerable
(3.2.0-1600.1)
upstream
Released (2.6.34~rc1)
linux-ec2
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Not vulnerable

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Ignored
(reached end-of-life, does not affect buildd)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-linaro-omap
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty Ignored
(abandoned)
oneiric Ignored
(abandoned)
precise Ignored
(abandoned)
upstream
Released (2.6.34~rc1)
linux-linaro-shared
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Ignored
(abandoned)
precise Ignored
(abandoned)
upstream
Released (2.6.34~rc1)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty Ignored
(abandoned)
oneiric Ignored
(abandoned)
precise Ignored
(abandoned)
upstream
Released (2.6.34~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Not vulnerable

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Not vulnerable

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.34~rc1)
linux-qcm-msm
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Ignored
(abandoned)
natty Ignored
(abandoned)
oneiric Ignored
(abandoned)
precise Ignored
(abandoned)
upstream
Released (2.6.34~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable
(3.0.0-1401.2)
upstream
Released (2.6.34~rc1)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading