Planet
USN-1077-1: FUSE vulnerabilities
2011/3/1 2:09:55 | Ubuntu security notices
Referenced CVEs:
CVE-2011-0541, CVE-2011-0542, CVE-2011-0543
Description:
===========================================================
Ubuntu Security Notice USN-1077-1 February 28, 2011
fuse vulnerabilities
CVE-2011-0541, CVE-2011-0542, CVE-2011-0543
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
fuse-utils 2.7.2-1ubuntu2.3
Ubuntu 9.10:
fuse-utils 2.7.4-1.1ubuntu4.5
Ubuntu 10.04 LTS:
fuse-utils 2.8.1-1.1ubuntu3.1
Ubuntu 10.10:
fuse-utils 2.8.4-1ubuntu1.3
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that FUSE would incorrectly follow symlinks when checking
mountpoints under certain conditions. A local attacker, with access to use
FUSE, could unmount arbitrary locations, leading to a denial of service.
USN-1076-1: ClamAV vulnerability
2011/3/1 1:57:06 | Ubuntu security notices
Referenced CVEs:
CVE-2011-1003
Description:
===========================================================
Ubuntu Security Notice USN-1076-1 February 28, 2011
clamav vulnerability
CVE-2011-1003
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libclamav6 0.95.3+dfsg-1ubuntu0.09.10.4
Ubuntu 10.04 LTS:
libclamav6 0.96.5+dfsg-1ubuntu1.10.04.2
Ubuntu 10.10:
libclamav6 0.96.5+dfsg-1ubuntu1.10.10.2
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that the Microsoft Office processing code in libclamav
improperly handled certain Visual Basic for Applications (VBA) data. This
could allow a remote attacker to craft a document that could crash clamav
or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the
ClamAV AppArmor profile.
USN-1075-1: Samba vulnerability
2011/3/1 1:43:22 | Ubuntu security notices
Referenced CVEs:
CVE-2011-0719
Description:
===========================================================
Ubuntu Security Notice USN-1075-1 February 28, 2011
samba vulnerability
CVE-2011-0719
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.14
Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.14
Ubuntu 9.10:
samba 2:3.4.0-3ubuntu5.8
Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.4
Ubuntu 10.10:
samba 2:3.5.4~dfsg-1ubuntu8.3
In general, a standard system update will make all the necessary changes.
Details follow:
Volker Lendecke discovered that Samba incorrectly handled certain file
descriptors. A remote attacker could send a specially crafted request to
the server and cause Samba to crash or hang, resulting in a denial of
service.
New Chewing (新酷音) project releases libchewing-0.3.3 and scim-chewing-0.3.4
2011/2/27 13:53:00 | Jserv's blog
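As mentioned in the post [New Chewing Progress Report 8], we have released a new version of New Chewing, upgrading to libchewing-0.3.3 and scim-chewing-0.3.4; please refer to the [New Chewing] project page for related information. The project is currently in a relatively stable state of development with no new features added, and we have also migrated the version control system from Subversion to GIT; the related development can be accessed through the [GitHub] service. During this process, several friends also contributed updates for the Microsoft Windows platform; we expect to provide the related Windows (32-bit and 64-bit) installation files later and, through this migration to GIT, to consolidate development resources. Besides desktop use, AZ Huang contributed [Qin] (input method framework for Qt-Embedded), aimed at Qt in embedded applications; for a demonstration video, see [Embedded System Final...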
USN-1074-1: Linux kernel vulnerabilities
2011/2/26 7:58:47 | Ubuntu security notices
Referenced CVEs:
CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803, CVE-2010-2942, CVE-2010-2943, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2959, CVE-2010-2962, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3084, CVE-2010-3296, CVE-2010-3297, CVE-2010-3298, CVE-2010-3301, CVE-2010-3310, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3448, CVE-2010-3477, CVE-2010-3698, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3858, CVE-2010-3861, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
Description:
===========================================================
Ubuntu Security Notice USN-1074-1 February 25, 2011
linux-fsl-imx51 vulnerabilities
CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240,
CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521,
CVE-2010-2524, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803,
CVE-2010-2942, CVE-2010-2943, CVE-2010-2946, CVE-2010-2954,
CVE-2010-2955, CVE-2010-2959, CVE-2010-2962, CVE-2010-2963,
CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079,
CVE-2010-3080, CVE-2010-3081, CVE-2010-3084, CVE-2010-3296,
CVE-2010-3297, CVE-2010-3298, CVE-2010-3301, CVE-2010-3310,
CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3448,
CVE-2010-3477, CVE-2010-3698, CVE-2010-3705, CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850, CVE-2010-3858, CVE-2010-3861,
CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4078, CVE-2010-4079, CVE-2010-4165, CVE-2010-4169,
CVE-2010-4249
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
linux-image-2.6.31-112-imx51 2.6.31-112.30
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
leading to potential data loss. (CVE-2010-2066)
Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly
check file permissions. A local attacker could exploit this to read from
write-only files, leading to a loss of privacy. (CVE-2010-2226)
Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory
manager did not properly handle when applications grow stacks into adjacent
memory regions. A local attacker could exploit this to gain control of
certain applications, potentially leading to privilege escalation, as
demonstrated in attacks against the X server. (CVE-2010-2240)
Suresh Jayaraman discovered that CIFS did not correctly validate certain
response packets. A remote attacker could send specially crafted traffic
that would crash the system, leading to a denial of service.
(CVE-2010-2248)
Ben Hutchings discovered that the ethtool interface did not correctly check
certain sizes. A local attacker could perform malicious ioctl calls that
could crash the system, leading to a denial of service. (CVE-2010-2478,
CVE-2010-3084)
James Chapman discovered that L2TP did not correctly evaluate checksum
capabilities. If an attacker could make malicious routing changes, they
could crash the system, leading to a denial of service. (CVE-2010-2495)
Neil Brown discovered that NFSv4 did not correctly check certain write
requests. A remote attacker could send specially crafted traffic that could
crash the system or possibly gain root privileges. (CVE-2010-2521)
David Howells discovered that DNS resolution in CIFS could be spoofed. A
local attacker could exploit this to control DNS replies, leading to a loss
of privacy and possible privilege escalation. (CVE-2010-2524)
Dan Rosenberg discovered that the btrfs filesystem did not correctly
validate permissions when using the clone function. A local attacker could
overwrite the contents of file handles that were opened for append-only, or
potentially read arbitrary contents, leading to a loss of privacy. Only
Ubuntu 9.10 was affected. (CVE-2010-2538)
Bob Peterson discovered that GFS2 rename operations did not correctly
validate certain sizes. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-2798)
Kees Cook discovered that under certain situations the ioctl subsystem for
DRM did not properly sanitize its arguments. A local attacker could exploit
this to read previously freed kernel memory, leading to a loss of privacy.
(CVE-2010-2803)
Eric Dumazet discovered that many network functions could leak kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Sergey Vlasov discovered that JFS did not correctly handle certain extended
attributes. A local attacker could bypass namespace access rules, leading
to a loss of privacy. (CVE-2010-2946)
Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash or
possibly gain root privileges. (CVE-2010-2954)
Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)
Ben Hawkes discovered an integer overflow in the Controller Area Network
(CVE-2010-2959)
Kees Cook discovered that the Intel i915 graphics driver did not correctly
validate memory regions. A local attacker with access to the video card
could read and write arbitrary kernel memory to gain root privileges.
Ubuntu 10.10 was not affected. (CVE-2010-2962)
Kees Cook discovered that the V4L1 32bit compat interface did not correctly
validate certain parameters. A local attacker on a 64bit system with access
to a video device could exploit this to gain root privileges.
(CVE-2010-2963)
Toshiyuki Okajima discovered that ext4 did not correctly check certain
parameters. A local attacker could exploit this to crash the system or
overwrite the last block of large files. (CVE-2010-3015)
Tavis Ormandy discovered that the AIO subsystem did not correctly validate
certain parameters. A local attacker could exploit this to crash the system
or possibly gain root privileges. (CVE-2010-3067)
Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy. (CVE-2010-3078)
Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
local attacker could exploit this to crash the kernel, leading to a denial
of service. (CVE-2010-3079)
Tavis Ormandy discovered that the OSS sequencer device did not correctly
shut down. A local attacker could exploit this to crash the system or
possibly gain root privileges. (CVE-2010-3080)
Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297,
CVE-2010-3298)
Ben Hawkes discovered that the Linux kernel did not correctly filter
registers on 64bit kernels when performing 32bit system calls. On a 64bit
system, a local attacker could manipulate 32bit system calls to gain root
privileges. (CVE-2010-3301)
Dan Rosenberg discovered that the ROSE driver did not correctly check
parameters. A local attacker with access to a ROSE network device could
exploit this to crash the system or possibly gain root privileges.
(CVE-2010-3310)
Thomas Dreibholz discovered that SCTP did not correctly handle appending
packet chunks. A remote attacker could send specially crafted traffic to
crash the system, leading to a denial of service. (CVE-2010-3432)
Dan Rosenberg discovered that the CD driver did not correctly check
parameters. A local attacker could exploit this to read arbitrary kernel
memory, leading to a loss of privacy. (CVE-2010-3437)
Dan Rosenberg discovered that the Sound subsystem did not correctly
validate parameters. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3442)
Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading
to a denial of service. (CVE-2010-3448)
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Dan Rosenberg discovered that SCTP did not correctly handle HMAC
calculations. A remote attacker could send specially crafted traffic that
would crash the system, leading to a denial of service. (CVE-2010-3705)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
loss of privacy. (CVE-2010-3861)
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this to gain root
privileges. (CVE-2010-3904)
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)
Dan Rosenberg discovered that the USB subsystem did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4074)
Dan Rosenberg discovered that the SiS video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4078)
Dan Rosenberg discovered that the ivtv V4L driver did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)
Dave Jones discovered that the mprotect system call did not correctly
handle merged VMAs. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4169)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
USN-1073-1: Linux kernel vulnerabilities
2011/2/26 7:15:38 | Ubuntu security notices
Referenced CVEs:
CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859, CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4073, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4165, CVE-2010-4169, CVE-2010-4248, CVE-2010-4249
Description:
===========================================================
Ubuntu Security Notice USN-1073-1 February 25, 2011
linux, linux-ec2 vulnerabilities
CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859,
CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875,
CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4073,
CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080,
CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157,
CVE-2010-4160, CVE-2010-4165, CVE-2010-4169, CVE-2010-4248,
CVE-2010-4249
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
linux-image-2.6.31-22-386 2.6.31-22.73
linux-image-2.6.31-22-generic 2.6.31-22.73
linux-image-2.6.31-22-generic-pae 2.6.31-22.73
linux-image-2.6.31-22-ia64 2.6.31-22.73
linux-image-2.6.31-22-lpia 2.6.31-22.73
linux-image-2.6.31-22-powerpc 2.6.31-22.73
linux-image-2.6.31-22-powerpc-smp 2.6.31-22.73
linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.73
linux-image-2.6.31-22-server 2.6.31-22.73
linux-image-2.6.31-22-sparc64 2.6.31-22.73
linux-image-2.6.31-22-sparc64-smp 2.6.31-22.73
linux-image-2.6.31-22-virtual 2.6.31-22.73
linux-image-2.6.31-307-ec2 2.6.31-307.27
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading
to a denial of service. (CVE-2010-3448)
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Thomas Pollet discovered that the RDS network protocol did not
check certain iovec buffers. A local attacker could exploit this
to crash the system or possibly execute arbitrary code as the root
user. (CVE-2010-3865)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Dan Rosenberg discovered that the CAN protocol on 64bit systems did not
correctly calculate the size of certain buffers. A local attacker could
exploit this to crash the system or possibly execute arbitrary code as
the root user. (CVE-2010-3874)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
not properly initialize certain structures. A local attacker could exploit
this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Vasiliy Kulikov discovered that the TIPC interface did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Dan Rosenberg discovered that IPC structures were not correctly initialized
on 64bit systems. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4073)
Dan Rosenberg discovered that the USB subsystem did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4074)
Dan Rosenberg discovered that the SiS video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4078)
Dan Rosenberg discovered that the ivtv V4L driver did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
Dan Rosenberg discovered that the VIA video driver did not correctly
clear kernel memory. A local attacker could exploit this to read kernel
stack memory, leading to a loss of privacy. (CVE-2010-4082)
Dan Rosenberg discovered that the semctl syscall did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4083)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Dan Rosenberg discovered that the Linux kernel L2TP implementation
contained multiple integer signedness errors. A local attacker could
exploit this to crash the kernel, or possibly gain root privileges.
(CVE-2010-4160)
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)
Dave Jones discovered that the mprotect system call did not correctly
handle merged VMAs. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4169)
It was discovered that multithreaded exec did not handle CPU timers
correctly. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-4248)
Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)
USN-1072-1: Linux kernel vulnerabilities
2011/2/26 6:59:02 | Ubuntu security notices
Referenced CVEs:
CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297, CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4248
Description:
===========================================================
Ubuntu Security Notice USN-1072-1 February 25, 2011
linux vulnerabilities
CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297,
CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858,
CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876,
CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4074,
CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4248
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
linux-image-2.6.24-28-386 2.6.24-28.86
linux-image-2.6.24-28-generic 2.6.24-28.86
linux-image-2.6.24-28-hppa32 2.6.24-28.86
linux-image-2.6.24-28-hppa64 2.6.24-28.86
linux-image-2.6.24-28-itanium 2.6.24-28.86
linux-image-2.6.24-28-lpia 2.6.24-28.86
linux-image-2.6.24-28-lpiacompat 2.6.24-28.86
linux-image-2.6.24-28-mckinley 2.6.24-28.86
linux-image-2.6.24-28-openvz 2.6.24-28.86
linux-image-2.6.24-28-powerpc 2.6.24-28.86
linux-image-2.6.24-28-powerpc-smp 2.6.24-28.86
linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.86
linux-image-2.6.24-28-rt 2.6.24-28.86
linux-image-2.6.24-28-server 2.6.24-28.86
linux-image-2.6.24-28-sparc64 2.6.24-28.86
linux-image-2.6.24-28-sparc64-smp 2.6.24-28.86
linux-image-2.6.24-28-virtual 2.6.24-28.86
linux-image-2.6.24-28-xen 2.6.24-28.86
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297)
Dan Jacobson discovered that ThinkPad video output was not correctly
access controlled. A local attacker could exploit this to hang the system,
leading to a denial of service. (CVE-2010-3448)
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-3698)
It was discovered that Xen did not correctly clean up threads. A local
attacker in a guest system could exploit this to exhaust host system
resources, leading to a denial of service. (CVE-2010-3699)
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
not properly initialize certain structures. A local attacker could exploit
this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Vasiliy Kulikov discovered that the TIPC interface did not correctly
initialize certain structures. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)
Dan Rosenberg discovered that the USB subsystem did not correctly
initialize certain structures. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-4074)
Dan Rosenberg discovered that the SiS video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4078)
Dan Rosenberg discovered that the ivtv V4L driver did not correctly
initialize certain structures. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
Dan Rosenberg discovered that the semctl syscall did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4083)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Dan Rosenberg discovered that the Linux kernel L2TP implementation
contained multiple integer signedness errors. A local attacker could
exploit this to crash the kernel, or possibly gain root privileges.
(CVE-2010-4160)
It was discovered that multithreaded exec did not handle CPU timers
correctly. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-4248)
USN-1071-1: Linux kernel vulnerabilities
2011/2/26 4:26:05 | Ubuntu security notices
Referenced CVEs:
CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
Description:
===========================================================
Ubuntu Security Notice USN-1071-1 February 25, 2011
linux-source-2.6.15 vulnerabilities
CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875,
CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080,
CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.93
linux-image-2.6.15-55-686 2.6.15-55.93
linux-image-2.6.15-55-amd64-generic 2.6.15-55.93
linux-image-2.6.15-55-amd64-k8 2.6.15-55.93
linux-image-2.6.15-55-amd64-server 2.6.15-55.93
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.93
linux-image-2.6.15-55-hppa32 2.6.15-55.93
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.93
linux-image-2.6.15-55-hppa64 2.6.15-55.93
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.93
linux-image-2.6.15-55-itanium 2.6.15-55.93
linux-image-2.6.15-55-itanium-smp 2.6.15-55.93
linux-image-2.6.15-55-k7 2.6.15-55.93
linux-image-2.6.15-55-mckinley 2.6.15-55.93
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc 2.6.15-55.93
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.93
linux-image-2.6.15-55-server 2.6.15-55.93
linux-image-2.6.15-55-server-bigiron 2.6.15-55.93
linux-image-2.6.15-55-sparc64 2.6.15-55.93
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.93
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation
did not properly initialize certain structures. A local attacker could
exploit this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Dan Rosenberg discovered that the SiS video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4078)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
Dan Rosenberg discovered that the semctl syscall did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4083)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Dan Rosenberg discovered that the Linux kernel L2TP implementation
contained multiple integer signedness errors. A local attacker could
exploit this to crash the kernel, or possibly gain root privileges.
(CVE-2010-4160)
USN-1070-1: Bind vulnerability
2011/2/24 0:23:40 | Ubuntu security notices
Referenced CVEs:
CVE-2011-0414
Description:
===========================================================
Ubuntu Security Notice USN-1070-1 February 23, 2011
bind9 vulnerability
CVE-2011-0414
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.10:
libdns66 1:9.7.1.dfsg.P2-2ubuntu0.2
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Bind incorrectly handled IXFR transfers and dynamic
updates while under heavy load when used as an authoritative server. A
remote attacker could use this flaw to cause Bind to stop responding,
resulting in a denial of service.
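Pentadactyl vs. Firefox F1: a brawl on Firefox 4
2011/2/23 21:21:00 | 凍仁的 Ubuntu 筆記
Ever since I got used to the modal operation of vi, the plain-text editor on Linux (hereafter "vi mode"), I have even installed Vimperator in Firefox so that the lovable fox gets a vi mode too (other programs with vi-mode support include finch, mutt, gvim...). I chose Pentadactyl, a fork of Vimperator, however: besides having more features, it is also updated much faster. Really, though, I switched to it because Vimperator does not yet support Firefox 4.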
F1 by Mozilla Labs, for its part, is a social add-on that Mozilla Labs developed specifically for Firefox. It brings all the sharing channels together in one place, and I believe everyone who has tried this all-in-one experience gives it a thumbs up.
Both are great ideas, but a problem appears once the two are installed together! The former's F1 hotkey opens the same help documentation as :help, which collides with the latter's F1 hotkey for opening the share window. With some persistence, I have solved this problem.
According to Issue 517 - vimperator-labs - Vimperator removes Mozilla F1 shortcut - Project Hosting on Google Code, once Firefox F1 is installed, the original F1 hotkey is changed to the key combination <Ctrl> + V, <F1>, but for me that is still not intuitive enough.
Enter the following in Pentadactyl's command mode:
1. Use s in place of the <Ctrl> + V, <F1> key combination.
:map s <C-v><F1>
2. Save the settings.
:mkpentadactylrc!
Now a single press of s shares the article. Enjoy it!
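Related links:
Firefox F1's handy social sharing button gets a major interface overhaul and now supports only Firefox 4 | 電腦玩物
Sources:
★Vimperator/Pentadactyl: "Vim-like" extensions for controlling Firefox with five fingers « 簡睿隨筆
★Issue 517 - vimperator-labs - Vimperator removes Mozilla F1 shortcut - Project Hosting on Google Code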