Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 10.10 USN-1119-1 Moderate: Linux Kernel OMAP4 Security Flaws

ubuntu
Calendar Grey April 20, 2011
Scroller Ubuntu
Resolution implemented for various vulnerabilities within the OMAP4 adaptation of the Linux kernel, thereby bolstering overall system robustness and defense.
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.

Summary

Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.

Software Description:

- linux-ti-omap4: Linux kernel for OMAP4 devices

Details:

Dan Rosenberg discovered that the RDS network protocol did not correctly

check certain parameters. A local attacker could exploit this gain root

privileges. (CVE-2010-3904)

Nelson Elhage discovered several problems with the Acorn Econet protocol

driver. A local user could cause a denial of service via a NULL pointer

dereference, escalate privileges by overflowing the kernel stack, and

assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,

CVE-2010-3849, CVE-2010-3850)

Ben Hawkes discovered that the Linux kernel did not correctly validate

memory ranges on 64bit kernels when allocating memory on behalf of 32bit

system calls. On a 64bit system, a local attacker could perform malicious

multicast getsockopt calls to gain root privileges. (CVE-2010-3081)

Tavis Ormandy discovered that the IRDA subsystem did not corre...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  linux-image-2.6.35-903-omap4    2.6.35-903.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2962,

CVE-2010-2963, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081,

CVE-2010-3437, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849,

CVE-2010-3850, CVE-2010-3861, CVE-2010-3865, CVE-2010-3873,

CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3904,

CVE-2010-4072, CVE-2010-4079, CVE-2010-4158, CVE-2010-4164,

CVE-2010-4165, CVE-2010-4249, CVE-2010-4342, CVE-2010-4346,

CVE-2010-4527, CVE-2010-4529

Severity
important
Lowest
Low
Medium
High
Critical

April 20, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.