Ubuntu 1384-1: Linux kernel (Oneiric backport) vulnerabilities

    Date06 Mar 2012
    Posted ByLinuxSecurity Advisories
    Several security issues were fixed in the kernel.
    Ubuntu Security Notice USN-1384-1
    March 06, 2012
    linux-lts-backport-oneiric vulnerabilities
    A security issue affects these releases of Ubuntu and its derivatives:
    - Ubuntu 10.04 LTS
    Several security issues were fixed in the kernel.
    Software Description:
    - linux-lts-backport-oneiric: Linux kernel backport from Oneiric
    A bug was discovered in the Linux kernel's calculation of OOM (Out of
    memory) scores, that would result in the wrong process being killed. A user
    could use this to kill the process with the highest OOM score, even if that
    process belongs to another user or the system. (CVE-2011-4097)
    Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
    command. A local user, or user in a VM could exploit this flaw to bypass
    restrictions and gain read/write access to all data on the affected block
    device. (CVE-2011-4127)
    A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual
    interrupt control is not available a local user could use this to cause a
    denial of service by starting a timer. (CVE-2011-4622)
    A flaw was discovered in the XFS filesystem. If a local user mounts a
    specially crafted XFS image it could potential execute arbitrary code on
    the system. (CVE-2012-0038)
    Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the
    extended permission checks needed by cgroups and Linux Security Modules
    (LSMs). A local user could exploit this to by-pass security policy and
    access files that should not be accessible. (CVE-2012-0055)
    A flaw was found in the linux kernels IPv4 IGMP query processing. A remote
    attacker could exploit this to cause a denial of service. (CVE-2012-0207)
    Update instructions:
    The problem can be corrected by updating your system to the following
    package versions:
    Ubuntu 10.04 LTS:
      linux-image-3.0.0-16-generic    3.0.0-16.29~lucid1
      linux-image-3.0.0-16-generic-pae  3.0.0-16.29~lucid1
      linux-image-3.0.0-16-server     3.0.0-16.29~lucid1
      linux-image-3.0.0-16-virtual    3.0.0-16.29~lucid1
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    ATTENTION: Due to an unavoidable ABI change the kernel updates have
    been given a new version number, which requires you to recompile and
    reinstall all third party kernel modules you might have installed. If
    you use linux-restricted-modules, you have to update that package as
    well to get modules which work with the new kernel version. Unless you
    manually uninstalled the standard kernel metapackages (e.g. linux-generic,
    linux-server, linux-powerpc), a standard system upgrade will automatically
    perform this as well.
      CVE-2011-4097, CVE-2011-4127, CVE-2011-4622, CVE-2012-0038,
      CVE-2012-0055, CVE-2012-0207
    Package Information:
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.1,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"28","type":"x","order":"3","pct":35.9,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.