USN-2563-1

Description

linux vulnerabilities Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. (CVE-2015-1421) Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker on the same subnet can exploit this flaw to cause a denial of service (system crash). (CVE-2015-1465) An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2041) An information leak was discovered in how the Linux kernel handles setting the Reliable Datagram Sockets (RDS) settings. A local user could exploit this flaw to read data from other sysctl settings. (CVE-2015-2042)

Affected Systems

• ubuntu•linux

  < 3.13.0-49.81

References (6)

• https://ubuntu.com/security/notices/USN-2563-1
• https://ubuntu.com/security/CVE-2015-1421
• https://ubuntu.com/security/CVE-2015-1465
• https://ubuntu.com/security/CVE-2015-1593
• https://ubuntu.com/security/CVE-2015-2041
• https://ubuntu.com/security/CVE-2015-2042