Your submission was sent successfully! Close

CVE-2015-0272

Published: 03 September 2015

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

From the Ubuntu security team

It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by 77751427a1ff25b27d47a4c36b12c3c8667855ac
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-saucy
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (4.0~rc3)
network-manager
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9

Notes

AuthorNote
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support
mdeslaur
introduced in network-manager 1.0.0 by
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=7d5779300450bc2602ba4f7f472ebfa58bea3571

References

Bugs