This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3848737747495974120== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="bIKWo6Kx2H1Gl1pu9j7lkxiSR8nToUcvp"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --bIKWo6Kx2H1Gl1pu9j7lkxiSR8nToUcvp Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2128-1 March 05, 2014
linux vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux: Linux kernel
Details:
An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160)
Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (CVE-2013-6367)
Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)
Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the implementation of the XFS filesystem in the Linux kernel. A local user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory corruption) or possibly other unspecified issues. (CVE-2013-6382)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over- read) via a specially crafted header. (CVE-2013-7027)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7266)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with apple talk sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7267)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with ipx protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7268)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with the netrom address family in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7269)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with packet address family sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7270)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg systemcalls when used with x25 protocol sockets in the Linux kernel. A local user could exploit this leak to obtain potentially sensitive information from kernel memory. (CVE-2013-7271)
An information leak was discovered in the Linux kernel's SIOCWANDEV ioctl call. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1444)
An information leak was discovered in the wanxl ioctl function the Linux kernel. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1445)
An information leak was discovered in the Linux kernel's hamradio YAM driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN capability could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1446)
Matthew Thode reported a denial of service vulnerability in the Linux kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if running in enforcing mode) could exploit this flaw to cause a denial of service (kernel crash). (CVE-2014-1874)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: linux-image-2.6.32-57-386 2.6.32-57.119 linux-image-2.6.32-57-generic 2.6.32-57.119 linux-image-2.6.32-57-generic-pae 2.6.32-57.119 linux-image-2.6.32-57-ia64 2.6.32-57.119 linux-image-2.6.32-57-lpia 2.6.32-57.119 linux-image-2.6.32-57-powerpc 2.6.32-57.119 linux-image-2.6.32-57-powerpc-smp 2.6.32-57.119 linux-image-2.6.32-57-powerpc64-smp 2.6.32-57.119 linux-image-2.6.32-57-preempt 2.6.32-57.119 linux-image-2.6.32-57-server 2.6.32-57.119 linux-image-2.6.32-57-sparc64 2.6.32-57.119 linux-image-2.6.32-57-sparc64-smp 2.6.32-57.119 linux-image-2.6.32-57-versatile 2.6.32-57.119 linux-image-2.6.32-57-virtual 2.6.32-57.119
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: http://www.ubuntu.com/usn/usn-2128-1 CVE-2013-0160, CVE-2013-2929, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6382, CVE-2013-7027, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874
Package Information: https://launchpad.net/ubuntu/+source/linux/2.6.32-57.119
--bIKWo6Kx2H1Gl1pu9j7lkxiSR8nToUcvp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTGAtqAAoJEAUvNnAY1cPYNwcQALBJixLHSBIYcCAcjvwHyps3 IdA08MSbslbHApgDx3uhh8ELoFWDQD6nwwZKgV5zS0SDlJOBltr4IuVvR+X2HpX+ 03111JXlvN7bWkhQ4jc/hTvvwReTGMjeeV5Wdkfca3mF7cGy1/eimNANno6LX1Ov +h87qe0U2EjXVrHhWEtKioJOuY0NIDnOW/nfqLfECWEmaXeruDgrRHKAXpRTUk+n qVDjCAdpnvd/hz+vyXcHxBZ2ld76Ond4z8IHEf77nLT2tziUUVi/efa4YLVIKaOo YhfoGgVplzEYsAsZaMDjnYUvMj/YvYGVQSi9uPESjM4eo86Zu9s9Evijqd7cCXIv yqd3j+JPeW3lyZiT+zAJK07jiVi4mehnjsjYTlBn3lQU8fAZ38B6lq3masIGci3g 4nEy1LX3xP2XqwmTYJ196KwG0Mj4TPv/IPFKFsoLXLgLgUym0+cCqkwsaROy5l+d W6Q1uVujDXlnkitWxVPPkC0AjMag4FA3lq0DWnMAOHSyFHxWvWeEryxwkXXNtQ2S y9KSa/dowAL1ywUvxNnOCjlF1iV9n3IKKLY/xCA1g50QrKkFOSEHqOYMZNLo8xO1 NDiJQdWyN90cI8DsIjau70QrqbsPSP6JLZl++uwThh8YdAVwCrTK7P6STdyg0Lpn DuvBsaJZ8/5Hsc5xvCWB =pc64 -----END PGP SIGNATURE-----
--bIKWo6Kx2H1Gl1pu9j7lkxiSR8nToUcvp--
--===============3848737747495974120== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3848737747495974120==--
|