Ubuntu 1704-1: Linux kernel (Quantal HWE) vulnerabilities

    Date22 Jan 2013
    CategoryUbuntu
    63
    Posted ByLinuxSecurity Advisories
    Several security issues were fixed in the kernel.
    ==========================================================================
    Ubuntu Security Notice USN-1704-1
    January 22, 2013
    
    linux-lts-quantal - Linux kernel hardware enablement from Quantal vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 12.04 LTS
    
    Summary:
    
    Several security issues were fixed in the kernel.
    
    Software Description:
    - linux-lts-quantal: Linux kernel LTS from Quantal
    
    Details:
    
    Brad Spengler discovered a flaw in the Linux kernel's uname system call. An
    unprivileged user could exploit this flaw to read kernel stack memory.
    (CVE-2012-0957)
    
    Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual
    machine) subsystem's handling of the XSAVE feature. On hosts, using qemu
    userspace, without the XSAVE feature an unprivileged local attacker could
    exploit this flaw to crash the system. (CVE-2012-4461)
    
    Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem
    that can expose stale data. An unprivileged user could exploit this flaw to
    cause an information leak. (CVE-2012-4508)
    
    A flaw was discovered in the Linux kernel's handling of script execution
    when module loading is enabled. A local attacker could exploit this flaw to
    cause a leak of kernel stack contents. (CVE-2012-4530)
    
    Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois
    congestion control algorithm. A local attacker could use this to cause a
    denial of service. (CVE-2012-4565)
    
    A flaw was discovered in the Linux kernel's handling of new hot-plugged
    memory. An unprivileged local user could exploit this flaw to cause a
    denial of service by crashing the system. (CVE-2012-5517)
    
    Florian Weimer discovered that hypervkvpd, which is distributed in the
    Linux kernel, was not correctly validating source addresses of netlink
    packets. An untrusted local user can cause a denial of service by causing
    hypervkvpd to exit. (CVE-2012-5532)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 12.04 LTS:
      linux-image-3.5.0-22-generic    3.5.0-22.34~precise1
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1704-1
      CVE-2012-0957, CVE-2012-4461, CVE-2012-4508, CVE-2012-4530,
      CVE-2012-4565, CVE-2012-5517, CVE-2012-5532
    
    Package Information:
      https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-22.34~precise1
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.