What is the vulnerability ID of this security advisory?

The vulnerability ID of this security advisory is USN-2776-1.

What is the severity of USN-2776-1?

The severity of USN-2776-1 is not specified in the security advisory.

How can a remote attacker exploit this vulnerability?

A remote attacker can exploit this vulnerability by forging a route advertisement with an invalid MTU.

What is the impact of this vulnerability?

The impact of this vulnerability is a denial of service.

How can I fix this vulnerability?

To fix this vulnerability, update the Linux kernel to version 3.13.0-66.108 or higher.

Vulnerability/
USN-2776-1

CWE

476

19/10/2015

USN-2776-1: Linux kernel vulnerabilities

First published: Mon Oct 19 2015(Updated: )

It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.13.0-66-generic	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-generic-lpae	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-lowlatency	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-powerpc-e500	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-powerpc-e500mc	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-powerpc-smp	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-powerpc64-emb	<3.13.0-66.108	3.13.0-66.108
	=14.04
All of
ubuntu/linux-image-3.13.0-66-powerpc64-smp	<3.13.0-66.108	3.13.0-66.108
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this security advisory?
The vulnerability ID of this security advisory is USN-2776-1.
What is the severity of USN-2776-1?
The severity of USN-2776-1 is not specified in the security advisory.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by forging a route advertisement with an invalid MTU.
What is the impact of this vulnerability?
The impact of this vulnerability is a denial of service.
How can I fix this vulnerability?
To fix this vulnerability, update the Linux kernel to version 3.13.0-66.108 or higher.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-2797-1
anchor-related/USN-2796-1
anchor-related/USN-2779-1
anchor-related/USN-2778-1
anchor-related/USN-2775-1
anchor-related/USN-2792-1
anchor-related/USN-2777-1
anchor-related/USN-2773-1
anchor-related/USN-2774-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/14.04