- CVEs with nessus.description==This update fixes the CVEs described below.

  CVE-2015-0272

  It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel.

  CVE-2015-5156

  Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation.

  CVE-2015-5364

  It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums.

  CVE-2015-5366

  It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum.

  CVE-2015-5697

  A flaw was discovered in the md driver in the Linux kernel leading to an information leak.

  CVE-2015-5707

  An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation.

  CVE-2015-6937

  It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet.

  For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14.

  For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier.

  For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier.

  NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |