Ubuntu 1792-1: Linux kernel vulnerabilities

    Date: 08 Apr 2013
    Posted By: LinuxSecurity Advisories
    Several security issues were fixed in the kernel.
    Ubuntu Security Notice USN-1792-1
    April 08, 2013
    linux vulnerabilities
    A security issue affects these releases of Ubuntu and its derivatives:
    - Ubuntu 10.04 LTS
    Several security issues were fixed in the kernel.
    Software Description:
    - linux: Linux kernel
    Mathias Krause discovered several errors in the Linux kernel's xfrm_user
    implementation. A local attacker could exploit these flaws to examine parts
    of kernel memory. (CVE-2012-6537)
    Mathias Krause discovered an information leak in the Linux kernel's compat
    ioctl interface. A local user could exploit the flaw to examine parts of
    kernel stack memory. (CVE-2012-6539)
    Mathias Krause discovered an information leak in the Linux kernel's
    getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw
    to examine parts of kernel stack memory. (CVE-2012-6540)
    Emese Revfy discovered that signal handlers in the Linux kernel could leak
    address information across an exec, making it possible to bypass ASLR
    (Address Space Layout Randomization). A local user could use this flaw to
    bypass ASLR to reliably deliver an exploit payload that would otherwise be
    stopped (by ASLR). (CVE-2013-0914)
    A use-after-free memory error was discovered in the Linux kernel's tmpfs
    filesystem. A local user could exploit this flaw to gain privileges or
    cause a denial of service (system crash). (CVE-2013-1767)
    Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user
    could exploit this flaw to cause a denial of service (system crash).
    Update instructions:
    The problem can be corrected by updating your system to the following
    package versions:
    Ubuntu 10.04 LTS:
      linux-image-2.6.32-46-386       2.6.32-46.107
      linux-image-2.6.32-46-generic   2.6.32-46.107
      linux-image-2.6.32-46-generic-pae  2.6.32-46.107
      linux-image-2.6.32-46-ia64      2.6.32-46.107
      linux-image-2.6.32-46-lpia      2.6.32-46.107
      linux-image-2.6.32-46-powerpc   2.6.32-46.107
      linux-image-2.6.32-46-powerpc-smp  2.6.32-46.107
      linux-image-2.6.32-46-powerpc64-smp  2.6.32-46.107
      linux-image-2.6.32-46-preempt   2.6.32-46.107
      linux-image-2.6.32-46-server    2.6.32-46.107
      linux-image-2.6.32-46-sparc64   2.6.32-46.107
      linux-image-2.6.32-46-sparc64-smp  2.6.32-46.107
      linux-image-2.6.32-46-versatile  2.6.32-46.107
      linux-image-2.6.32-46-virtual   2.6.32-46.107
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
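
A post-update check, given here as an added example that is not part of the advisory: it separates a host where the fixed package is missing from one where it is installed but the old kernel keeps running until the reboot. The sample `dpkg-query` and `/proc/version_signature` text is constructed, the function names are hypothetical, and the comparison assumes purely numeric versions of the form listed above.

```python
import re

FIXED = "2.6.32-46.107"  # fixed version the advisory lists for Ubuntu 10.04 LTS

def vkey(version):
    # Assumption: numeric X.Y.Z-ABI.UPLOAD only; not a full Debian version compare.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def installed_images(dpkg_output):
    # Input: dpkg-query -W -f='${Package} ${Version} ${Status}\n'
    images = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[-1] != "installed":
            continue  # removed packages that only left config files behind
        if fields[0].startswith("linux-image-2.6.32-"):
            images[fields[0]] = fields[1]
    return images

def running_version(version_signature):
    # /proc/version_signature reads "Ubuntu <package version>-<flavour> <upstream>"
    m = re.match(r"Ubuntu (\d+\.\d+\.\d+-\d+\.\d+)-\S+", version_signature)
    return m.group(1) if m else None

def assess(dpkg_output, version_signature):
    images = installed_images(dpkg_output)
    if not any(vkey(v) >= vkey(FIXED) for v in images.values()):
        return "update-required"      # no fixed kernel image on disk
    running = running_version(version_signature)
    if running is None:
        return "unknown"              # signature unreadable or unexpected format
    if vkey(running) < vkey(FIXED):
        return "reboot-required"      # fixed image installed, old kernel running
    return "patched"

# Constructed sample data, not taken from a real host.
SAMPLE_DPKG = """\
linux-image-2.6.32-44-generic 2.6.32-44.98 deinstall ok config-files
linux-image-2.6.32-45-generic 2.6.32-45.104 install ok installed
linux-image-2.6.32-46-generic 2.6.32-46.107 install ok installed
"""
SAMPLE_SIG_OLD = "Ubuntu 2.6.32-45.104-generic 2.6.32.60+drm33.26"
SAMPLE_SIG_NEW = "Ubuntu 2.6.32-46.107-generic 2.6.32.60+drm33.26"

if __name__ == "__main__":
    print(assess(SAMPLE_DPKG, SAMPLE_SIG_OLD))
    print(assess(SAMPLE_DPKG, SAMPLE_SIG_NEW))
```
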
      CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914,
      CVE-2013-1767, CVE-2013-1792
    Package Information: