USN-2797-1

Description

linux-lts-utopic vulnerabilities It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. (CVE-2015-0272) It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to sensitive information. (CVE-2015-2925) Moein Ghasemzadeh discovered that the USB WhiteHEAT serial driver contained hardcoded attributes about the USB devices. An attacker could construct a fake WhiteHEAT USB device that, when inserted, causes a denial of service (system crash). (CVE-2015-5257) It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-5283)

Affected Systems

• ubuntu•linux-lts-utopic

  < 3.16.0-52.71~14.04.1

References (5)

• https://ubuntu.com/security/notices/USN-2797-1
• https://ubuntu.com/security/CVE-2015-0272
• https://ubuntu.com/security/CVE-2015-2925
• https://ubuntu.com/security/CVE-2015-5257
• https://ubuntu.com/security/CVE-2015-5283