kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #125710
[Bug 1441103] Re: CVE-2015-2922
Dear Ubuntu team,
this fix does NOT work within linux-image-extra-3.19.0-21-generic and
does NOT work within linux-image-3.19.8-031908-generic. Something
strange happens, if enabling the wlan1 interface with the network-
manager gui: The kernel variable /proc/sys/net/ipv6/conf/wlan1/hop_limit
gets zero after connecting to a configured wlan. IPV6 is not working,
because of hop limitation, only a link local default gateway is set.
Maybe several other packages are involved, but I can not fiddle it out.
system info:
ubuntu vivid
Linux laptop-stefan 3.19.8-031908-generic #201505110938 SMP Mon May 11 13:39:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
lsmod
Module Size Used by
ctr 13193 3
ccm 17856 3
xt_CHECKSUM 12549 1
iptable_mangle 12734 1
ipt_MASQUERADE 12678 3
nf_nat_masquerade_ipv4 13412 1 ipt_MASQUERADE
iptable_nat 12875 1
nf_nat_ipv4 14267 1 iptable_nat
nf_nat 26308 2 nf_nat_ipv4,nf_nat_masquerade_ipv4
nf_conntrack_ipv4 18953 2
nf_defrag_ipv4 12758 1 nf_conntrack_ipv4
xt_conntrack 12760 1
nf_conntrack 105683 5 nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4
ipt_REJECT 12541 2
nf_reject_ipv4 13183 1 ipt_REJECT
xt_tcpudp 12924 6
bridge 114479 0
stp 12976 1 bridge
llc 14441 2 stp,bridge
ebtable_filter 12827 0
ebtables 35359 1 ebtable_filter
ip6table_filter 12815 0
ip6_tables 27504 1 ip6table_filter
iptable_filter 12810 1
ip_tables 27718 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 34103 11 ip6table_filter,xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,iptable_filter,ebtables,ipt_REJECT,iptable_mangle,ip6_tables
xfrm_user 36115 2
xfrm4_tunnel 12857 0
tunnel4 13252 1 xfrm4_tunnel
ipcomp 12790 0
xfrm_ipcomp 13606 1 ipcomp
esp4 17175 0
ah4 17133 0
af_key 36492 0
xfrm_algo 15394 5 ah4,esp4,af_key,xfrm_user,xfrm_ipcomp
binfmt_misc 18163 1
zram 24692 0
lz4_compress 12529 1 zram
snd_hda_codec_analog 19240 1
snd_hda_codec_generic 70069 1 snd_hda_codec_analog
arc4 12573 2
iwl3945 74519 0
pcmcia 62760 0
snd_hda_intel 30775 3
iwlegacy 105101 1 iwl3945
snd_hda_controller 35493 1 snd_hda_intel
snd_hda_codec 144641 4 snd_hda_codec_generic,snd_hda_intel,snd_hda_controller,snd_hda_codec_analog
coretemp 13638 0
mac80211 751896 2 iwl3945,iwlegacy
snd_hwdep 17709 1 snd_hda_codec
snd_pcm 106401 3 snd_hda_codec,snd_hda_intel,snd_hda_controller
joydev 17538 0
thinkpad_acpi 86562 0
i915 1087204 2
nvram 14413 1 thinkpad_acpi
lpc_ich 21176 0
serio_raw 13434 0
cfg80211 551242 3 iwl3945,iwlegacy,mac80211
snd_seq_midi 13564 0
snd_seq_midi_event 14899 1 snd_seq_midi
yenta_socket 45447 0
snd_rawmidi 31148 1 snd_seq_midi
pcmcia_rsrc 18591 1 yenta_socket
pcmcia_core 23715 3 pcmcia,pcmcia_rsrc,yenta_socket
snd_seq 63540 2 snd_seq_midi_event,snd_seq_midi
nsc_ircc 29832 0
drm_kms_helper 123797 1 i915
snd_seq_device 14875 3 snd_seq,snd_rawmidi,snd_seq_midi
snd_timer 30069 2 snd_pcm,snd_seq
irda 203831 1 nsc_ircc
drm 341489 4 i915,drm_kms_helper
snd 83976 17 snd_hwdep,snd_timer,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel,thinkpad_acpi,snd_seq_device,snd_hda_codec_analog
8250_fintek 12924 0
crc_ccitt 12707 1 irda
soundcore 15091 2 snd,snd_hda_codec
shpchp 37216 0
i2c_algo_bit 13564 1 i915
video 24803 1 i915
mac_hid 13275 0
parport_pc 32909 0
ppdev 17711 0
sunrpc 334694 1
lp 17799 0
parport 42432 3 lp,ppdev,parport_pc
autofs4 39306 2
pata_acpi 13053 0
psmouse 118539 0
ahci 34220 2
libahci 32353 1 ahci
e1000e 230013 0
ptp 19534 1 e1000e
pps_core 19332 1 ptp
Please fix!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1441103
Title:
CVE-2015-2922
Status in linux package in Ubuntu:
Fix Released
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
New
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-lts-vivid package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
New
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux-lts-backport-maverick source package in Lucid:
Won't Fix
Status in linux-lts-backport-natty source package in Lucid:
Won't Fix
Status in linux source package in Precise:
Fix Released
Status in linux-armadaxp source package in Precise:
Fix Released
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-flo source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-lts-vivid source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux-lts-vivid source package in Trusty:
Fix Committed
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Utopic:
Fix Released
Status in linux-armadaxp source package in Utopic:
Invalid
Status in linux-ec2 source package in Utopic:
Invalid
Status in linux-flo source package in Utopic:
New
Status in linux-fsl-imx51 source package in Utopic:
Invalid
Status in linux-goldfish source package in Utopic:
New
Status in linux-lts-backport-maverick source package in Utopic:
New
Status in linux-lts-backport-natty source package in Utopic:
New
Status in linux-lts-quantal source package in Utopic:
Invalid
Status in linux-lts-raring source package in Utopic:
Invalid
Status in linux-lts-saucy source package in Utopic:
Invalid
Status in linux-lts-trusty source package in Utopic:
Invalid
Status in linux-lts-utopic source package in Utopic:
Invalid
Status in linux-lts-vivid source package in Utopic:
Invalid
Status in linux-mako source package in Utopic:
New
Status in linux-manta source package in Utopic:
New
Status in linux-mvl-dove source package in Utopic:
Invalid
Status in linux-ti-omap4 source package in Utopic:
Invalid
Status in linux source package in Vivid:
Fix Released
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-flo source package in Vivid:
New
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-goldfish source package in Vivid:
New
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-lts-vivid source package in Vivid:
Invalid
Status in linux-mako source package in Vivid:
New
Status in linux-manta source package in Vivid:
New
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Status in linux source package in Wily:
Fix Released
Status in linux-armadaxp source package in Wily:
Invalid
Status in linux-ec2 source package in Wily:
Invalid
Status in linux-flo source package in Wily:
New
Status in linux-fsl-imx51 source package in Wily:
Invalid
Status in linux-goldfish source package in Wily:
New
Status in linux-lts-backport-maverick source package in Wily:
New
Status in linux-lts-backport-natty source package in Wily:
New
Status in linux-lts-quantal source package in Wily:
Invalid
Status in linux-lts-raring source package in Wily:
Invalid
Status in linux-lts-saucy source package in Wily:
Invalid
Status in linux-lts-trusty source package in Wily:
Invalid
Status in linux-lts-utopic source package in Wily:
Invalid
Status in linux-lts-vivid source package in Wily:
Invalid
Status in linux-mako source package in Wily:
New
Status in linux-manta source package in Wily:
New
Status in linux-mvl-dove source package in Wily:
Invalid
Status in linux-ti-omap4 source package in Wily:
Invalid
Bug description:
The ndisc_router_discovery function in net/ipv6/ndisc.c in the
Neighbor Discovery (ND) protocol implementation in the IPv6 stack in
the Linux kernel before 3.19.6 allows remote attackers to reconfigure
a hop-limit setting via a small hop_limit value in a Router
Advertisement (RA) message.
Break-Fix: - 6fd99094de2b83d1d4c8457f2c83483b2828e75a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1441103/+subscriptions
References
