Bug 942149 (CVE-2015-6496) - VUL-0: CVE-2015-6496: conntrack-tools: conntrackd crash on unexpected network traffic
Summary: VUL-0: CVE-2015-6496: conntrack-tools: conntrackd crash on unexpected network...
Status: RESOLVED FIXED
Alias: CVE-2015-6496
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/126550/
Whiteboard: CVSSv2:RedHat:CVE-2015-6496:5.0:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-18 14:10 UTC by Alexander Bergmann
Modified: 2016-04-27 19:44 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2015-08-18 14:10:59 UTC 
via rh#1253755

It was discovered that conntrackd would crash if it encountered network
traffic with an IP protocol type for which the corresponding kernel module
was not loaded.

Upstream commit:

https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd

CVE request on oss-security:

http://www.openwall.com/lists/oss-security/2015/08/14/4

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1253755
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6496
http://seclists.org/oss-sec/2015/q3/380
Comment 1 Bernhard Wiedemann 2015-08-18 15:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (942149) was mentioned in
https://build.opensuse.org/request/show/324127 13.2 / conntrack-tools
Comment 3 Swamp Workflow Management 2015-08-18 22:00:16 UTC 
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2015-09-11 14:09:53 UTC 
SUSE-SU-2015:1545-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 942149,944339
CVE References: CVE-2015-6496
Sources used:
SUSE OpenStack Cloud Compute 5 (src):    conntrack-tools-1.4.2-5.2, libnetfilter_cthelper-1.0.0-7.1, libnetfilter_cttimeout-1.0.0-9.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libnetfilter_cthelper-1.0.0-7.1, libnetfilter_cttimeout-1.0.0-9.1
SUSE Linux Enterprise High Availability 12 (src):    conntrack-tools-1.4.2-5.2, libnetfilter_cthelper-1.0.0-7.1, libnetfilter_cttimeout-1.0.0-9.1
Comment 5 Andreas Stieger 2015-10-05 16:28:37 UTC 
SLE is done, openSUSE was stuck. Taking and finishing.
Comment 6 Bernhard Wiedemann 2015-10-05 17:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (942149) was mentioned in
https://build.opensuse.org/request/show/336569 13.2+13.1 / conntrack-tools
Comment 7 Swamp Workflow Management 2015-10-05 17:10:21 UTC 
SUSE-SU-2015:1683-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 942149
CVE References: CVE-2015-6496
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    conntrack-tools-1.0.0-0.9.1
SUSE Linux Enterprise High Availability Extension 11-SP3 (src):    conntrack-tools-1.0.0-0.9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    conntrack-tools-1.0.0-0.9.1
Comment 8 Andreas Stieger 2015-10-06 07:07:19 UTC 
Releasing openSUSE update, all done.
Comment 9 Swamp Workflow Management 2015-10-06 08:09:21 UTC 
openSUSE-SU-2015:1688-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 942149
CVE References: CVE-2015-6496
Sources used:
openSUSE 13.2 (src):    conntrack-tools-1.4.2-4.4.1
openSUSE 13.1 (src):    conntrack-tools-1.4.2-2.3.1