USN-1096-1: Subversion vulnerability
Ubuntu Security Notice USN-1096-1
29th March, 2011
subversion vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary
An attacker could send crafted input to the Subversion mod_dav_svn module
for Apache and cause it to crash.
Software description
- subversion: Advanced version control system
Details
Philip Martin discovered that the Subversion mod_dav_svn module for Apache
did not properly handle certain requests containing a lock token. A remote
attacker could use this flaw to cause the service to crash, leading to a
denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  libapache2-svn 1.6.12dfsg-1ubuntu1.2
- Ubuntu 10.04 LTS:
  libapache2-svn 1.6.6dfsg-2ubuntu1.2
- Ubuntu 9.10:
  libapache2-svn 1.6.5dfsg-1ubuntu1.2
- Ubuntu 8.04 LTS:
  libapache2-svn 1.4.6dfsg1-2ubuntu1.3
- Ubuntu 6.06 LTS:
  libapache2-svn 1.3.1-3ubuntu1.4
After a standard system update you need to restart any applications that
use Subversion, such as Apache when using mod_dav_svn, to make all the
necessary changes.
USN-1095-1: Quagga vulnerabilities
Ubuntu Security Notice USN-1095-1
29th March, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary
An attacker could send crafted input to Quagga and cause it to crash.
Software description
- quagga: BGP/OSPF/RIP routing daemon
Details
It was discovered that Quagga incorrectly parsed certain malformed extended
communities. A remote attacker could use this flaw to cause Quagga to
crash, resulting in a denial of service. (CVE-2010-1674)
It was discovered that Quagga resets BGP sessions when encountering
malformed AS_PATHLIMIT attributes. A remote attacker could use this flaw to
disrupt BGP sessions, resulting in a denial of service. This update removes
AS_PATHLIMIT support from Quagga. This issue only affected Ubuntu 8.04 LTS,
9.10, 10.04 LTS and 10.10. (CVE-2010-1675)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  quagga 0.99.17-1ubuntu0.1
- Ubuntu 10.04 LTS:
  quagga 0.99.15-1ubuntu0.2
- Ubuntu 9.10:
  quagga 0.99.13-1ubuntu0.2
- Ubuntu 8.04 LTS:
  quagga 0.99.9-2ubuntu1.5
- Ubuntu 6.06 LTS:
  quagga 0.99.2-1ubuntu3.8
In general, a standard system update will make all the necessary changes.
USN-1094-1: Libvirt vulnerability
Ubuntu Security Notice USN-1094-1
29th March, 2011
libvirt vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary
An attacker could send crafted input to libvirt and cause it to crash.
Software description
- libvirt: Libvirt virtualization toolkit
Details
Petr Matousek discovered that libvirt did not always honor read-only
connections. An attacker who is authorized to connect to the libvirt daemon
could exploit this to cause a denial of service via application crash.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  libvirt0 0.8.3-1ubuntu14.1
- Ubuntu 10.04 LTS:
  libvirt0 0.7.5-5ubuntu27.9
- Ubuntu 9.10:
  libvirt0 0.7.0-1ubuntu13.3
In general, a standard system update will make all the necessary changes.
USN-1093-1: Linux Kernel vulnerabilities (Marvell Dove)
Ubuntu Security Notice USN-1093-1
25th March, 2011
linux-mvl-dove vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
An attacker could send crafted input to the kernel and cause it to
crash.
Software description
- linux-mvl-dove: Block storage devices (udeb)
Details
Joel Becker discovered that OCFS2 did not correctly validate on-disk
symlink structures. If an attacker were able to trick a user or automated
system into mounting a specially crafted filesystem, it could crash the
system or expose kernel memory, leading to a loss of privacy.
Ben Hutchings discovered that the ethtool interface did not correctly
check certain sizes. A local attacker could perform malicious ioctl calls
that could crash the system, leading to a denial of service. (Only Ubuntu
10.04 LTS was affected.) (CVE-2010-2478, CVE-2010-3084)
Eric Dumazet discovered that many network functions could leak kernel
stack contents. A local attacker could exploit this to read portions
of kernel memory, leading to a loss of privacy. (Ubuntu 10.10 was not
affected.) (CVE-2010-2942, CVE-2010-3477)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash
or possibly gain root privileges. (Ubuntu 10.10 was not affected.)
(CVE-2010-2954)
Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this
to read portions of kernel memory, leading to a loss of privacy. (Only
Ubuntu 10.04 LTS was affected.) (CVE-2010-2955)
Tavis Ormandy discovered that the session keyring did not correctly
check for its parent. On systems without a default session keyring,
a local attacker could exploit this to crash the system, leading to a
denial of service. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2960)
Kees Cook discovered that the Intel i915 graphics driver did not correctly
validate memory regions. A local attacker with access to the video card
could read and write arbitrary kernel memory to gain root privileges.
(CVE-2010-2962)
Kees Cook discovered that the V4L1 32bit compat interface did not correctly
validate certain parameters. A local attacker on a 64bit system with access
to a video device could exploit this to gain root privileges.
(CVE-2010-2963)
Tavis Ormandy discovered that the AIO subsystem did not correctly
validate certain parameters. A local attacker could exploit this to
crash the system or possibly gain root privileges. (Ubuntu 10.10 was
not affected.) (CVE-2010-3067)
Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy. (Ubuntu 10.10 was not affected.)
(CVE-2010-3078)
Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
local attacker could exploit this to crash the kernel, leading to a denial
of service. (CVE-2010-3079)
Tavis Ormandy discovered that the OSS sequencer device did not
correctly shut down. A local attacker could exploit this to crash
the system or possibly gain root privileges. (Ubuntu 10.10 was not
affected.) (CVE-2010-3080)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297,
CVE-2010-3298)
Dan Rosenberg discovered that the ROSE driver did not correctly check
parameters. A local attacker with access to a ROSE network device could
exploit this to crash the system or possibly gain root privileges. (Ubuntu
10.10 was not affected.) (CVE-2010-3310)
Thomas Dreibholz discovered that SCTP did not correctly handle appending
packet chunks. A remote attacker could send specially crafted traffic
to crash the system, leading to a denial of service. (Ubuntu 10.10 was
not affected.) (CVE-2010-3432)
Dan Rosenberg discovered that the CD driver did not correctly check
parameters. A local attacker could exploit this to read arbitrary kernel
memory, leading to a loss of privacy. (CVE-2010-3437)
Dan Rosenberg discovered that the Sound subsystem did not correctly
validate parameters. A local attacker could exploit this to crash
the system, leading to a denial of service. (Ubuntu 10.10 was not
affected.) (CVE-2010-3442)
Dan Rosenberg discovered that SCTP did not correctly handle HMAC
calculations. A remote attacker could send specially crafted traffic
that would crash the system, leading to a denial of service.
(CVE-2010-3705)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
loss of privacy. (CVE-2010-3861)
Thomas Pollet discovered that the RDS network protocol did not check
certain iovec buffers. A local attacker could exploit this to crash the
system or possibly execute arbitrary code as the root user. (CVE-2010-3865)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of certain buffers. A local attacker could
exploit this to crash the system or possibly execute arbitrary code as the
root user. (CVE-2010-3874)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
not properly initialize certain structures. A local attacker could exploit
this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Vasiliy Kulikov discovered that the TIPC interface did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Dan Rosenberg discovered that the RDS network protocol did not
correctly check certain parameters. A local attacker could exploit
this to gain root privileges. (CVE-2010-3904)
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)
Dave Jones discovered that the mprotect system call did not correctly
handle merged VMAs. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4169)
Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-4175)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
It was discovered that multithreaded exec did not handle CPU timers
correctly. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-4248)
Krishna Gudipati discovered that the bfa adapter driver did not correctly
initialize certain structures. A local attacker could read files in /sys to
crash the system, leading to a denial of service. (CVE-2010-4343)
Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks. (CVE-2010-4346)
It was discovered that the ICMP stack did not correctly handle certain
unreachable messages. If a remote attacker were able to acquire a socket
lock, they could send specially crafted traffic that would crash the
system, leading to a denial of service. (CVE-2010-4526)
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this to crash the system
or gain root privileges. (CVE-2010-4527)
Dan Carpenter discovered that the Infiniband driver did not correctly
handle certain requests. A local user could exploit this to crash the
system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  linux-image-2.6.32-416-dove 2.6.32-416.33
- Ubuntu 10.04 LTS:
  linux-image-2.6.32-216-dove 2.6.32-216.33
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
CVE-2010-2478,
CVE-2010-2942,
CVE-2010-2943,
CVE-2010-2954,
CVE-2010-2955,
CVE-2010-2960,
CVE-2010-2962,
CVE-2010-2963,
CVE-2010-3067,
CVE-2010-3078,
CVE-2010-3079,
CVE-2010-3080,
CVE-2010-3084,
CVE-2010-3296,
CVE-2010-3297,
CVE-2010-3298,
CVE-2010-3310,
CVE-2010-3432,
CVE-2010-3437,
CVE-2010-3442,
CVE-2010-3477,
CVE-2010-3705,
CVE-2010-3848,
CVE-2010-3849,
CVE-2010-3850,
CVE-2010-3858,
CVE-2010-3859,
CVE-2010-3861,
CVE-2010-3865,
CVE-2010-3873,
CVE-2010-3874,
CVE-2010-3875,
CVE-2010-3876,
CVE-2010-3877,
CVE-2010-3880,
CVE-2010-3904,
CVE-2010-4072,
CVE-2010-4075,
CVE-2010-4076,
CVE-2010-4077,
CVE-2010-4158,
CVE-2010-4163,
CVE-2010-4165,
CVE-2010-4169,
CVE-2010-4175,
CVE-2010-4248,
CVE-2010-4249,
CVE-2010-4343,
CVE-2010-4346,
CVE-2010-4526,
CVE-2010-4527,
CVE-2010-4649,
CVE-2011-1044
USN-1092-1: Linux Kernel vulnerabilities
Ubuntu Security Notice USN-1092-1
25th March, 2011
linux-source-2.6.15 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 6.06 LTS
Summary
A local attacker could exploit this to run programs with administrator
privileges.
Software description
- linux-source-2.6.15: ACPI support modules (udeb)
Details
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4162)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)
Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min_addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 6.06 LTS:
  linux-image-2.6.15-57-itanium 2.6.15-57.94
  linux-image-2.6.15-57-hppa64-smp 2.6.15-57.94
  linux-image-2.6.15-57-amd64-k8 2.6.15-57.94
  linux-image-2.6.15-57-hppa32 2.6.15-57.94
  linux-image-2.6.15-57-386 2.6.15-57.94
  linux-image-2.6.15-57-powerpc 2.6.15-57.94
  linux-image-2.6.15-57-server-bigiron 2.6.15-57.94
  linux-image-2.6.15-57-server 2.6.15-57.94
  linux-image-2.6.15-57-k7 2.6.15-57.94
  linux-image-2.6.15-57-amd64-server 2.6.15-57.94
  linux-image-2.6.15-57-powerpc-smp 2.6.15-57.94
  linux-image-2.6.15-57-686 2.6.15-57.94
  linux-image-2.6.15-57-hppa32-smp 2.6.15-57.94
  linux-image-2.6.15-57-amd64-generic 2.6.15-57.94
  linux-image-2.6.15-57-itanium-smp 2.6.15-57.94
  linux-image-2.6.15-57-hppa64 2.6.15-57.94
  linux-image-2.6.15-57-powerpc64-smp 2.6.15-57.94
  linux-image-2.6.15-57-sparc64 2.6.15-57.94
  linux-image-2.6.15-57-mckinley 2.6.15-57.94
  linux-image-2.6.15-57-mckinley-smp 2.6.15-57.94
  linux-image-2.6.15-57-amd64-xeon 2.6.15-57.94
  linux-image-2.6.15-57-sparc64-smp 2.6.15-57.94
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
CVE-2010-4075,
CVE-2010-4077,
CVE-2010-4158,
CVE-2010-4162,
CVE-2010-4163,
CVE-2010-4242
USN-1091-1: Firefox and Xulrunner vulnerabilities
Ubuntu Security Notice USN-1091-1
24th March, 2011
firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
Summary
Firefox/xulrunner update for blacklisted certificates
Software description
- firefox: safe and easy web browser from Mozilla
- firefox-3.0: dummy upgrade package for firefox-3.0 -> firefox
- firefox-3.5: dummy upgrade package for firefox-3.5 -> firefox
- xulrunner-1.9.2: XUL + XPCOM application runner
Details
It was discovered that several invalid HTTPS certificates were issued and
revoked. An attacker could use these to perform a man-in-the-middle attack.
These were placed on the certificate blacklist to prevent their misuse.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  firefox 3.6.16+build1+nobinonly-0ubuntu0.10.10.1
  xulrunner-1.9.2 1.9.2.16+build1+nobinonly-0ubuntu0.10.10.1
- Ubuntu 10.04 LTS:
  firefox 3.6.16+build1+nobinonly-0ubuntu0.10.04.1
  xulrunner-1.9.2 1.9.2.16+build1+nobinonly-0ubuntu0.10.04.1
- Ubuntu 9.10:
  firefox 3.6.16+build1+nobinonly-0ubuntu0.9.10.1
  xulrunner-1.9.2 1.9.2.16+build1+nobinonly-0ubuntu0.9.10.1
- Ubuntu 8.04 LTS:
  firefox 3.6.16+build1+nobinonly-0ubuntu0.8.04.1
  xulrunner-1.9.2 1.9.2.16+build1+nobinonly-0ubuntu0.8.04.1
After a standard system update you need to restart Firefox and any
applications which use Xulrunner to make all the necessary changes.
USN-1090-1: Linux kernel vulnerabilities
Ubuntu Security Notice USN-1090-1
18th March, 2011
linux vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
Multiple kernel vulnerabilities.
Software description
- linux: Linux kernel
Details
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (Ubuntu 10.10 was already fixed in a prior update.) (CVE-2010-4158)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)
Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-4175)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  linux-image-2.6.35-28-server 2.6.35-28.49
  linux-image-2.6.35-28-versatile 2.6.35-28.49
  linux-image-2.6.35-28-powerpc-smp 2.6.35-28.49
  linux-image-2.6.35-28-virtual 2.6.35-28.49
  linux-image-2.6.35-28-powerpc64-smp 2.6.35-28.49
  linux-image-2.6.35-28-powerpc 2.6.35-28.49
  linux-image-2.6.35-28-generic-pae 2.6.35-28.49
  linux-image-2.6.35-28-omap 2.6.35-28.49
  linux-image-2.6.35-28-generic 2.6.35-28.49
- Ubuntu 10.04 LTS:
  linux-image-2.6.32-30-generic 2.6.32-30.59
  linux-image-2.6.32-30-powerpc-smp 2.6.32-30.59
  linux-image-2.6.32-30-ia64 2.6.32-30.59
  linux-image-2.6.32-30-lpia 2.6.32-30.59
  linux-image-2.6.32-30-preempt 2.6.32-30.59
  linux-image-2.6.32-30-sparc64-smp 2.6.32-30.59
  linux-image-2.6.32-30-sparc64 2.6.32-30.59
  linux-image-2.6.32-30-generic-pae 2.6.32-30.59
  linux-image-2.6.32-30-virtual 2.6.32-30.59
  linux-image-2.6.32-30-server 2.6.32-30.59
  linux-image-2.6.32-30-powerpc 2.6.32-30.59
  linux-image-2.6.32-30-386 2.6.32-30.59
  linux-image-2.6.32-30-powerpc64-smp 2.6.32-30.59
  linux-image-2.6.32-30-versatile 2.6.32-30.59
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
CVE-2010-4075,
CVE-2010-4076,
CVE-2010-4077,
CVE-2010-4158,
CVE-2010-4163,
CVE-2010-4175
USN-1089-1: Linux kernel vulnerabilities
Ubuntu Security Notice USN-1089-1
18th March, 2011
linux, linux-ec2 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 9.10
Summary
Multiple kernel vulnerabilities.
Software description
- linux: Linux kernel
- linux-ec2: Linux kernel for EC2
Details
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4162)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)
Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-4175)
Alan Cox discovered that the HCI UART driver did not correctly check if
a write operation was available. If the mmap_min_addr sysctl was changed
from the Ubuntu default to a value of 0, a local attacker could exploit
this flaw to gain root privileges. (CVE-2010-4242)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 9.10:
  linux-image-2.6.31-23-generic 2.6.31-23.74
  linux-image-2.6.31-23-sparc64-smp 2.6.31-23.74
  linux-image-2.6.31-23-powerpc-smp 2.6.31-23.74
  linux-image-2.6.31-308-ec2 2.6.31-308.28
  linux-image-2.6.31-23-powerpc64-smp 2.6.31-23.74
  linux-image-2.6.31-23-virtual 2.6.31-23.74
  linux-image-2.6.31-23-generic-pae 2.6.31-23.74
  linux-image-2.6.31-23-386 2.6.31-23.74
  linux-image-2.6.31-23-powerpc 2.6.31-23.74
  linux-image-2.6.31-23-sparc64 2.6.31-23.74
  linux-image-2.6.31-23-server 2.6.31-23.74
  linux-image-2.6.31-23-ia64 2.6.31-23.74
  linux-image-2.6.31-23-lpia 2.6.31-23.74
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
CVE-2010-4075,
CVE-2010-4076,
CVE-2010-4077,
CVE-2010-4158,
CVE-2010-4162,
CVE-2010-4163,
CVE-2010-4175,
CVE-2010-4242
USN-1088-1: Kerberos vulnerability
Ubuntu Security Notice USN-1088-1
15th March, 2011
krb5 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary
MIT Kerberos 5 Key Distribution Center (KDC) daemon denial of service
vulnerability.
Software description
- krb5: MIT Kerberos master server (kadmind)
Details
Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution
Center (KDC) daemon is vulnerable to a double-free condition if
the Public Key Cryptography for Initial Authentication (PKINIT)
capability is enabled. This could allow a remote attacker to cause
a denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  krb5-kdc 1.8.1+dfsg-5ubuntu0.6
- Ubuntu 10.04 LTS:
  krb5-kdc 1.8.1+dfsg-2ubuntu0.8
- Ubuntu 9.10:
  krb5-kdc 1.7dfsg~beta3-1ubuntu0.12
In general, a standard system update will make all the necessary changes.
USN-1087-1: libvpx vulnerability
Ubuntu Security Notice USN-1087-1
11th March, 2011
libvpx vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
Summary
libvpx DOS bad read
Software description
- libvpx: VP8 video codec (development files)
Details
Chris Evans discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted WebM
file, an attacker could cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  libvpx0 0.9.5-2~build0.10.10.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.