Ubuntu 1212-1: Linux kernel (OMAP4) vulnerabilities

    Date21 Sep 2011
    CategoryUbuntu
    405
    Posted ByLinuxSecurity Advisories
    Multiple kernel flaws have been fixed.
    ==========================================================================
    Ubuntu Security Notice USN-1212-1
    September 21, 2011
    
    linux-ti-omap4 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 11.04
    
    Summary:
    
    Multiple kernel flaws have been fixed.
    
    Software Description:
    - linux-ti-omap4: Linux kernel for OMAP4
    
    Details:
    
    Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
    clear memory when writing certain file holes. A local attacker could
    exploit this to read uninitialized data from the disk, leading to a loss of
    privacy. (CVE-2011-0463)
    
    Timo Warns discovered that the LDM disk partition handling code did not
    correctly handle certain values. By inserting a specially crafted disk
    device, a local attacker could exploit this to gain root privileges.
    (CVE-2011-1017)
    
    It was discovered that the /proc filesystem did not correctly handle
    permission changes when programs executed. A local attacker could hold open
    files to examine details about programs running with higher privileges,
    potentially increasing the chances of exploiting additional
    vulnerabilities. (CVE-2011-1020)
    
    Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
    memory. A local attacker could exploit this to read kernel stack memory,
    leading to a loss of privacy. (CVE-2011-1078)
    
    Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
    that device name strings were NULL terminated. A local attacker could
    exploit this to crash the system, leading to a denial of service, or leak
    contents of kernel stack memory, leading to a loss of privacy.
    (CVE-2011-1079)
    
    Vasiliy Kulikov discovered that bridge network filtering did not check that
    name fields were NULL terminated. A local attacker could exploit this to
    leak contents of kernel stack memory, leading to a loss of privacy.
    (CVE-2011-1080)
    
    Peter Huewe discovered that the TPM device did not correctly initialize
    memory. A local attacker could exploit this to read kernel heap memory
    contents, leading to a loss of privacy. (CVE-2011-1160)
    
    Vasiliy Kulikov discovered that the netfilter code did not check certain
    strings copied from userspace. A local attacker with netfilter access could
    exploit this to read kernel memory or crash the system, leading to a denial
    of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)
    
    Vasiliy Kulikov discovered that the Acorn Universal Networking driver did
    not correctly initialize memory. A remote attacker could send specially
    crafted traffic to read kernel stack memory, leading to a loss of privacy.
    (CVE-2011-1173)
    
    Dan Rosenberg discovered that the IRDA subsystem did not correctly check
    certain field sizes. If a system was using IRDA, a remote attacker could
    send specially crafted traffic to crash the system or gain root privileges.
    (CVE-2011-1180)
    
    Julien Tinnes discovered that the kernel did not correctly validate the
    signal structure from tkill(). A local attacker could exploit this to send
    signals to arbitrary threads, possibly bypassing expected restrictions.
    (CVE-2011-1182)
    
    Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
    handle certain fields. If a system was running with Rose enabled, a remote
    attacker could send specially crafted traffic to gain root privileges.
    (CVE-2011-1493)
    
    Dan Rosenberg discovered that MPT devices did not correctly validate
    certain values in ioctl calls. If these drivers were loaded, a local
    attacker could exploit this to read arbitrary kernel memory, leading to a
    loss of privacy. (CVE-2011-1494, CVE-2011-1495)
    
    Timo Warns discovered that the GUID partition parsing routines did not
    correctly validate certain structures. A local attacker with physical
    access could plug in a specially crafted block device to crash the system,
    leading to a denial of service. (CVE-2011-1577)
    
    Phil Oester discovered that the network bonding system did not correctly
    handle large queues. On some systems, a remote attacker could send
    specially crafted traffic to crash the system, leading to a denial of
    service. (CVE-2011-1581)
    
    Tavis Ormandy discovered that the pidmap function did not correctly handle
    large requests. A local attacker could exploit this to crash the system,
    leading to a denial of service. (CVE-2011-1593)
    
    Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
    not correctly validate certain socket structures. If this driver was
    loaded, a local attacker could crash the system, leading to a denial of
    service. (CVE-2011-1598, CVE-2011-1748)
    
    Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
    values. A local attacker with access to the video subsystem could exploit
    this to crash the system, leading to a denial of service, or possibly gain
    root privileges. (CVE-2011-1745, CVE-2011-2022)
    
    Vasiliy Kulikov discovered that the AGP driver did not check the size of
    certain memory allocations. A local attacker with access to the video
    subsystem could exploit this to run the system out of memory, leading to a
    denial of service. (CVE-2011-1746)
    
    Dan Rosenberg discovered that the DCCP stack did not correctly handle
    certain packet structures. A remote attacker could exploit this to crash
    the system, leading to a denial of service. (CVE-2011-1770)
    
    Ben Greear discovered that CIFS did not correctly handle direct I/O. A
    local attacker with access to a CIFS partition could exploit this to crash
    the system, leading to a denial of service. (CVE-2011-1771)
    
    Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
    correctly check the origin of mount points. A local attacker could exploit
    this to trick the system into unmounting arbitrary mount points, leading to
    a denial of service. (CVE-2011-1833)
    
    Vasiliy Kulikov discovered that taskstats listeners were not correctly
    handled. A local attacker could expoit this to exhaust memory and CPU
    resources, leading to a denial of service. (CVE-2011-2484)
    
    It was discovered that Bluetooth l2cap and rfcomm did not correctly
    initialize structures. A local attacker could exploit this to read portions
    of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
    
    Sami Liedes discovered that ext4 did not correctly handle missing root
    inodes. A local attacker could trigger the mount of a specially crafted
    filesystem to cause the system to crash, leading to a denial of service.
    (CVE-2011-2493)
    
    It was discovered that GFS2 did not correctly check block sizes. A local
    attacker could exploit this to crash the system, leading to a denial of
    service. (CVE-2011-2689)
    
    Fernando Gont discovered that the IPv6 stack used predictable fragment
    identification numbers. A remote attacker could exploit this to exhaust
    network resources, leading to a denial of service. (CVE-2011-2699)
    
    The performance counter subsystem did not correctly handle certain
    counters. A local attacker could exploit this to crash the system, leading
    to a denial of service. (CVE-2011-2918)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 11.04:
      linux-image-2.6.38-1209-omap4   2.6.38-1209.15
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1212-1
      CVE-2011-0463, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078,
      CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1170,
      CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180,
      CVE-2011-1182, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495,
      CVE-2011-1577, CVE-2011-1581, CVE-2011-1593, CVE-2011-1598,
      CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770,
      CVE-2011-1771, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484,
      CVE-2011-2492, CVE-2011-2493, CVE-2011-2534, CVE-2011-2689,
      CVE-2011-2699, CVE-2011-2918
    
    Package Information:
      https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.15
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.