This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1510503157985134911== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tp2ifTQkamCFTTMX81U4BMeVNVxcFEm8a"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tp2ifTQkamCFTTMX81U4BMeVNVxcFEm8a Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2110-1 February 18, 2014
linux-ti-omap4 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-ti-omap4: Linux kernel for OMAP4
Details:
Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)
Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)
Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)
Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)
mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg system calls in the Linux kernel. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7263)
mpb reported an information leak in the Layer Two Tunneling Protocol (l2tp) of the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7264)
mpb reported an information leak in the Phone Network protocol (phonet) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7265)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)
mpb reported an information leak in the Low-Rate Wireless Personal Area Networks support (IEEE 802.15.4) in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel stack memory. (CVE-2013-7281)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: linux-image-3.2.0-1443-omap4 3.2.0-1443.62
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: http://www.ubuntu.com/usn/usn-2110-1 CVE-2013-2929, CVE-2013-4345, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2013-7281
Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1443.62
--tp2ifTQkamCFTTMX81U4BMeVNVxcFEm8a Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTA+0dAAoJEAUvNnAY1cPYUlcP/1Fieobvgl/V5Df5I/4Yqay1 UQcMJwHfDJh6Um4sb/5acS9Dxyw1Sq4ZoKQK7Ehs1JNpKoXLCxk1ar2eHx0ecFID x0EGwokUADmAjU/8FP6Y8eMHXzsUqtAbE6Am/Phx2a/V6lMue386KXdNmHXMsj4n xBU8UVnKfchS0/LFi2Fz4GhIO5T35dEu6RZipfZ0etqf5qiQPibONF7cFvE1q+w0 wzUJ1M9qX1vNsXurm8dd9urRsTlH4217ui7wvYlBJUWhxK6j4RnAes3QQtIP0wDT xAqylI4083pl83ytIskroqrrLeFvaycGKNQcPZIBJMPhGf2NzIS0gu2JQ6lU3ujX pyPVpOd2uUDMOh58z9nHy8Jy2n+LlgBs0bHEBZOH+yr2qUkyL+u8RITlWE5dZ3pY 6XqdcH3WeMxvQDlSHGSDq07sIg1dmkhYcCdLOgXNC32Nm5/gKGuR2HfnYQvry3N/ fDJU1cVQtboiqt9eLgaABWxQb0YDWIFd5kNSnoZ/FOhBlepqiXAPiSDZDNyHbX3K RjP47SOcTsCZo7u0mqxecfU33+aElnV4Sj0Z/TWSsyh/tDfZnDH+liev2z8S8lKZ 9Q7fBP40wuyefQwC7bw+MJZagzg4ksGtX1aNYwTx7V7BdzU/FjfmxX9Nst1FYvaW WHS2O2O4tSoK0Q6UzGIs =leEI -----END PGP SIGNATURE-----
--tp2ifTQkamCFTTMX81U4BMeVNVxcFEm8a--
--===============1510503157985134911== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1510503157985134911==--
|