Ubuntu 1798-1: Linux kernel (EC2) vulnerabilities

    Date08 Apr 2013
    56
    Posted ByLinuxSecurity Advisories
    Several security issues were fixed in the kernel.
    ==========================================================================
    Ubuntu Security Notice USN-1798-1
    April 09, 2013
    
    linux-ec2 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 10.04 LTS
    
    Summary:
    
    Several security issues were fixed in the kernel.
    
    Software Description:
    - linux-ec2: Linux kernel for EC2
    
    Details:
    
    Mathias Krause discovered several errors in the Linux kernel's xfrm_user
    implementation. A local attacker could exploit these flaws to examine parts
    of kernel memory. (CVE-2012-6537)
    
    Mathias Krause discovered information leak in the Linux kernel's compat
    ioctl interface. A local user could exploit the flaw to examine parts of
    kernel stack memory (CVE-2012-6539)
    
    Mathias Krause discovered an information leak in the Linux kernel's
    getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw
    to examine parts of kernel stack memory. (CVE-2012-6540)
    
    Emese Revfy discovered that in the Linux kernel signal handlers could leak
    address information across an exec, making it possible to by pass ASLR
    (Address Space Layout Randomization). A local user could use this flaw to
    by pass ASLR to reliably deliver an exploit payload that would otherwise be
    stopped (by ASLR). (CVE-2013-0914)
    
    A memory use after free error was discover in the Linux kernel's tmpfs
    filesystem. A local user could exploit this flaw to gain privileges or
    cause a denial of service (system crash). (CVE-2013-1767)
    
    Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2013-1792)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 10.04 LTS:
      linux-image-2.6.32-351-ec2      2.6.32-351.63
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      https://www.ubuntu.com/usn/usn-1798-1
      CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914,
      CVE-2013-1767, CVE-2013-1792
    
    Package Information:
      https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.63
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"94","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.08,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.