OVAL Reference oval:com.ubuntu.xenial:def:20134125000

Oval Definition:

oval:com.ubuntu.xenial:def:20134125000

Revision Date:	2013-07-15	Version:	1
Title:	CVE-2013-4125 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages. Hannes Frederic Sowa discovered that the Linux kernel's IPv6 stack does not correctly handle Router Advertisement (RA) message in some cases. A remote attacker could exploit this flaw to cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2013-4125
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: '4.2.0-16.19'). OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: '4.4.0-1001.10'). OR NOT While related to the CVE in some way, the 'linux-flo' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: '4.4.0-1003.3'). OR NOT While related to the CVE in some way, the 'linux-goldfish' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-mako' package in xenial is not affected. OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: '4.2.0-1013.19'). OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: '4.4.0-1012.12').

BACK