Ubuntu 10.04 LTS USN-1205-1 Critical: Multiple Kernel Flaws Resolved
Sep 13, 2011
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Multiple kernel flaws have been fixed.
=========================================================================Ubuntu Security Notice USN-1205-1 September 13, 2011 linux-lts-backport-maverick vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.04 LTS Summary: Multiple kernel flaws have been fixed. Software Description: - linux-lts-backport-maverick: Linux kernel backport from Maverick Details: It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.35-30-generic 2.6.35-30.59~lucid1 linux-image-2.6.35-30-generic-pae 2.6.35-30.59~lucid1 linux-image-2.6.35-30-server 2.6.35-30.59~lucid1 linux-image-2.6.35-30-virtual 2.6.35-30.59~lucid1 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1205-1 CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484, CVE-2011-2492 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-backport-maverick/2.6.35-30.59~lucid1
PREVIOUS
NEXT
Ubuntu 10.04 LTS USN-1205-1 Critical: Multiple Kernel Flaws Resolved
ubuntu
September 13, 2011
Multiple kernel flaws have been fixed.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.35-30-generic 2.6.35-30.59~lucid1 linux-image-2.6.35-30-generic-pae 2.6.35-30.59~lucid1 linux-image-2.6.35-30-server 2.6.35-30.59~lucid1 linux-image-2.6.35-30-virtual 2.6.35-30.59~lucid1 After a standard system update you need to reboot your computer to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1205-1
CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484,
CVE-2011-2492
Severity
critical
Lowest
Low
Medium
High
Critical
September 13, 2011
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/linux-lts-backport-maverick/2.6.35-30.59~lucid1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!