Ubuntu

CVE-2013-4125

Reported by John Johansen on 2013-07-19
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-raring (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned

Bug Description

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.

Break-Fix: 51ebd3181572af8d5076808dab2682d800f6da5d 307f2fb95e9b96b3577916e73d92e104f8f26494

John Johansen (jjohansen) wrote :

CVE-2013-4125

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Invalid
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux - 3.8.0-29.42

---------------
linux (3.8.0-29.42) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1211934

  [ Upstream Kernel Changes ]

  * Revert "veth: avoid a NULL deref in veth_stats_one"
  * Revert "veth: extend device features"
  * Revert "veth: reduce stat overhead"

linux (3.8.0-28.41) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1205373

  [ Andy Whitcroft ]

  * [Config] add iwldvm to nic-modules
    - LP: #1204194

  [ Brad Figg ]

  * [Config] added qlcnic driver to d-i modules
    - LP: #1196597

  [ Rob Herring ]

  * SAUCE: ARM: highbank: Only touch common coherency control register
    fields
    - LP: #1196946

  [ Upstream Kernel Changes ]

  * hp-wmi: add more definitions for new event_id's
    - LP: #1152458
  * MFD: rtsx_pcr: Fix probe fail path
    - LP: #1201321
  * mfd: rtsx: Add support for RTL8411B
    - LP: #1201321
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * Input: elantech - fix for newer hardware versions (v7)
    - LP: #1166442
  * UBIFS: correct mount message
    - LP: #1204666
  * zfcp: fix adapter (re)open recovery while link to SAN is down
    - LP: #1204666
  * zfcp: block queue limits with data router
    - LP: #1204666
  * zfcp: status read buffers on first adapter open with link down
    - LP: #1204666
  * ahci: Add AMD CZ SATA device ID
    - LP: #1204666
  * i2c-piix4: Add AMD CZ SMBus device ID
    - LP: #1204666
  * sata_highbank: increase retry count but shorten duration for Calxeda
    controller
    - LP: #1204666
  * clocksource: dw_apb: Fix error check
    - LP: #1204666
  * zram: avoid invalid memory access in zram_exit()
    - LP: #1204666
  * zram: use zram->lock to protect zram_free_page() in swap free notify
    path
    - LP: #1204666
  * zram: destroy all devices on error recovery path in zram_init()
    - LP: #1204666
  * zram: avoid access beyond the zram device
    - LP: #1204666
  * zram: protect sysfs handler from invalid memory access
    - LP: #1204666
  * pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
    - LP: #1204666
  * PCI: Fix refcount issue in pci_create_root_bus() error recovery path
    - LP: #1204666
  * ahci: remove pmp link online check in FBS EH
    - LP: #1204666
  * usb: gadget: f_mass_storage: add missing memory barrier for
    thread_wakeup_needed
    - LP: #1204666
  * x86, efi: retry ExitBootServices() on failure
    - LP: #1204666
  * libata: skip SRST for all SIMG [34]7x port-multipliers
    - LP: #1204666
  * ASoC: wm8962: Remove remaining direct register cache accesses
    - LP: #1204666
  * xen/pcifront: Deal with toolstack missing 'XenbusStateClosing' state.
    - LP: #1204666
  * ACPICA: Do not use extended sleep registers unless HW-reduced bit is
    set
    - LP: #1204666
  * ALSA: hda - Cache the MUX selection for generic HDMI
    - LP: #1204666
  * cgroup: fix umount vs cgroup_cfts_commit() race
    - LP: #1204666
  * cgroup: fix umount vs cgroup_event_remove() race
    - LP: #1204666
  * xhci: check for failed dma pool al...

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-29.42~precise1

---------------
linux-lts-raring (3.8.0-29.42~precise1) precise; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1212057

  [ Upstream Kernel Changes ]

  * Revert "veth: avoid a NULL deref in veth_stats_one"
  * Revert "veth: extend device features"
  * Revert "veth: reduce stat overhead"

linux (3.8.0-28.41) raring; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1205373

  [ Andy Whitcroft ]

  * [Config] add iwldvm to nic-modules
    - LP: #1204194

  [ Brad Figg ]

  * [Config] added qlcnic driver to d-i modules
    - LP: #1196597

  [ Rob Herring ]

  * SAUCE: ARM: highbank: Only touch common coherency control register
    fields
    - LP: #1196946

  [ Upstream Kernel Changes ]

  * hp-wmi: add more definitions for new event_id's
    - LP: #1152458
  * MFD: rtsx_pcr: Fix probe fail path
    - LP: #1201321
  * mfd: rtsx: Add support for RTL8411B
    - LP: #1201321
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * Input: elantech - fix for newer hardware versions (v7)
    - LP: #1166442
  * UBIFS: correct mount message
    - LP: #1204666
  * zfcp: fix adapter (re)open recovery while link to SAN is down
    - LP: #1204666
  * zfcp: block queue limits with data router
    - LP: #1204666
  * zfcp: status read buffers on first adapter open with link down
    - LP: #1204666
  * ahci: Add AMD CZ SATA device ID
    - LP: #1204666
  * i2c-piix4: Add AMD CZ SMBus device ID
    - LP: #1204666
  * sata_highbank: increase retry count but shorten duration for Calxeda
    controller
    - LP: #1204666
  * clocksource: dw_apb: Fix error check
    - LP: #1204666
  * zram: avoid invalid memory access in zram_exit()
    - LP: #1204666
  * zram: use zram->lock to protect zram_free_page() in swap free notify
    path
    - LP: #1204666
  * zram: destroy all devices on error recovery path in zram_init()
    - LP: #1204666
  * zram: avoid access beyond the zram device
    - LP: #1204666
  * zram: protect sysfs handler from invalid memory access
    - LP: #1204666
  * pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
    - LP: #1204666
  * PCI: Fix refcount issue in pci_create_root_bus() error recovery path
    - LP: #1204666
  * ahci: remove pmp link online check in FBS EH
    - LP: #1204666
  * usb: gadget: f_mass_storage: add missing memory barrier for
    thread_wakeup_needed
    - LP: #1204666
  * x86, efi: retry ExitBootServices() on failure
    - LP: #1204666
  * libata: skip SRST for all SIMG [34]7x port-multipliers
    - LP: #1204666
  * ASoC: wm8962: Remove remaining direct register cache accesses
    - LP: #1204666
  * xen/pcifront: Deal with toolstack missing 'XenbusStateClosing' state.
    - LP: #1204666
  * ACPICA: Do not use extended sleep registers unless HW-reduced bit is
    set
    - LP: #1204666
  * ALSA: hda - Cache the MUX selection for generic HDMI
    - LP: #1204666
  * cgroup: fix umount vs cgroup_cfts_commit() race
    - LP: #1204666
  * cgroup: fix umount vs cgroup_event_remove() race
    - LP: #12046...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. lucid has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against lucid is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. precise has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against precise is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers