Ubuntu 1164-1: Linux kernel vulnerabilities (i.MX51)

    Date06 Jul 2011
    CategoryUbuntu
    51
    Posted ByLinuxSecurity Advisories
    Multiple kernel flaws have been fixed.
    ==========================================================================
    Ubuntu Security Notice USN-1164-1
    July 06, 2011
    
    linux-fsl-imx51 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 10.04 LTS
    
    Summary:
    
    Multiple kernel flaws have been fixed.
    
    Software Description:
    - linux-fsl-imx51: Linux kernel for IMX51
    
    Details:
    
    Thomas Pollet discovered that the RDS network protocol did not check
    certain iovec buffers. A local attacker could exploit this to crash the
    system or possibly execute arbitrary code as the root user. (CVE-2010-3865)
    
    Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
    correctly calculate the size of certain buffers. A local attacker could
    exploit this to crash the system or possibly execute arbitrary code as the
    root user. (CVE-2010-3874)
    
    Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
    not correctly clear kernel memory. A local attacker could exploit this to
    read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
    
    Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
    not properly initialize certain structures. A local attacker could exploit
    this to read kernel stack memory, leading to a loss of privacy.
    (CVE-2010-3876)
    
    Vasiliy Kulikov discovered that the TIPC interface did not correctly
    initialize certain structures. A local attacker could exploit this to read
    kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)
    
    Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
    properly audit certain bytecodes in netlink messages. A local attacker
    could exploit this to cause the kernel to hang, leading to a denial of
    service. (CVE-2010-3880)
    
    Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
    did not correctly clear kernel memory. A local attacker could exploit this
    to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
    CVE-2010-4081)
    
    Dan Rosenberg discovered that the VIA video driver did not correctly clear
    kernel memory. A local attacker could exploit this to read kernel stack
    memory, leading to a loss of privacy. (CVE-2010-4082)
    
    Dan Rosenberg discovered that the semctl syscall did not correctly clear
    kernel memory. A local attacker could exploit this to read kernel stack
    memory, leading to a loss of privacy. (CVE-2010-4083)
    
    James Bottomley discovered that the ICP vortex storage array controller
    driver did not validate certain sizes. A local attacker on a 64bit system
    could exploit this to crash the kernel, leading to a denial of service.
    (CVE-2010-4157)
    
    Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
    a system was using X.25, a remote attacker could exploit this to crash the
    system, leading to a denial of service. (CVE-2010-4164)
    
    It was discovered that multithreaded exec did not handle CPU timers
    correctly. A local attacker could exploit this to crash the system, leading
    to a denial of service. (CVE-2010-4248)
    
    Nelson Elhage discovered that the kernel did not correctly handle process
    cleanup after triggering a recoverable kernel bug. If a local attacker were
    able to trigger certain kinds of kernel bugs, they could create a specially
    crafted process to gain root privileges. (CVE-2010-4258)
    
    Nelson Elhage discovered that Econet did not correctly handle AUN packets
    over UDP. A local attacker could send specially crafted traffic to crash
    the system, leading to a denial of service. (CVE-2010-4342)
    
    Tavis Ormandy discovered that the install_special_mapping function could
    bypass the mmap_min_addr restriction. A local attacker could exploit this
    to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
    chances of performing NULL pointer dereference attacks. (CVE-2010-4346)
    
    Dan Rosenberg discovered that the OSS subsystem did not handle name
    termination correctly. A local attacker could exploit this crash the system
    or gain root privileges. (CVE-2010-4527)
    
    Dan Rosenberg discovered that IRDA did not correctly check the size of
    buffers. On non-x86 systems, a local attacker could exploit this to read
    kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
    
    Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
    into the /proc filesystem. A local attacker could use this to increase the
    chances of a successful memory corruption exploit. (CVE-2010-4565)
    
    Kees Cook discovered that some ethtool functions did not correctly clear
    heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit
    this to read portions of kernel heap memory, leading to a loss of privacy.
    (CVE-2010-4655)
    
    Kees Cook discovered that the IOWarrior USB device driver did not correctly
    check certain size fields. A local attacker with physical access could plug
    in a specially crafted USB device to crash the system or potentially gain
    root privileges. (CVE-2010-4656)
    
    Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
    clear memory when writing certain file holes. A local attacker could
    exploit this to read uninitialized data from the disk, leading to a loss of
    privacy. (CVE-2011-0463)
    
    Dan Carpenter discovered that the TTPCI DVB driver did not check certain
    values during an ioctl. If the dvb-ttpci module was loaded, a local
    attacker could exploit this to crash the system, leading to a denial of
    service, or possibly gain root privileges. (CVE-2011-0521)
    
    Jens Kuehnel discovered that the InfiniBand driver contained a race
    condition. On systems using InfiniBand, a local attacker could send
    specially crafted requests to crash the system, leading to a denial of
    service. (CVE-2011-0695)
    
    Dan Rosenberg discovered that XFS did not correctly initialize memory. A
    local attacker could make crafted ioctl calls to leak portions of kernel
    stack memory, leading to a loss of privacy. (CVE-2011-0711)
    
    Rafael Dominguez Vega discovered that the caiaq Native Instruments USB
    driver did not correctly validate string lengths. A local attacker with
    physical access could plug in a specially crafted USB device to crash the
    system or potentially gain root privileges. (CVE-2011-0712)
    
    Timo Warns discovered that the LDM disk partition handling code did not
    correctly handle certain values. By inserting a specially crafted disk
    device, a local attacker could exploit this to gain root privileges.
    (CVE-2011-1017)
    
    Julien Tinnes discovered that the kernel did not correctly validate the
    signal structure from tkill(). A local attacker could exploit this to send
    signals to arbitrary threads, possibly bypassing expected restrictions.
    (CVE-2011-1182)
    
    Dan Rosenberg discovered that MPT devices did not correctly validate
    certain values in ioctl calls. If these drivers were loaded, a local
    attacker could exploit this to read arbitrary kernel memory, leading to a
    loss of privacy. (CVE-2011-1494, CVE-2011-1495)
    
    Tavis Ormandy discovered that the pidmap function did not correctly handle
    large requests. A local attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-1593)
    
    Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
    values. A local attacker with access to the video subsystem could exploit
    this to crash the system, leading to a denial of service, or possibly gain
    root privileges. (CVE-2011-1745, CVE-2011-2022)
    
    Vasiliy Kulikov discovered that the AGP driver did not check the size of
    certain memory allocations. A local attacker with access to the video
    subsystem could exploit this to run the system out of memory, leading to a
    denial of service. (CVE-2011-1746, CVE-2011-1747)
    
    Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
    not correctly validate certain socket structures. If this driver was
    loaded, a local attacker could crash the system, leading to a denial of
    service. (CVE-2011-1748)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 10.04 LTS:
      linux-image-2.6.31-609-imx51    2.6.31-609.26
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    ATTENTION: Due to an unavoidable ABI change the kernel updates have
    been given a new version number, which requires you to recompile and
    reinstall all third party kernel modules you might have installed. If
    you use linux-restricted-modules, you have to update that package as
    well to get modules which work with the new kernel version. Unless you
    manually uninstalled the standard kernel metapackages (e.g. linux-generic,
    linux-server, linux-powerpc), a standard system upgrade will automatically
    perform this as well.
    
    References:
      http://www.ubuntu.com/usn/usn-1164-1
      CVE-2010-3865, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876,
      CVE-2010-3877, CVE-2010-3880, CVE-2010-4080, CVE-2010-4081,
      CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4164,
      CVE-2010-4248, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346,
      CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4655,
      CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695,
      CVE-2011-0711, CVE-2011-0712, CVE-2011-1017, CVE-2011-1182,
      CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1745,
      CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022
    
    Package Information:
      https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-609.26
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.