Home / mailings [USN-1808-1] Linux kernel (EC2) vulnerabilities
Posted on 25 April 2013
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1808-1
April 25, 2013
linux-ec2 vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ec2: Linux kernel for EC2
Details:
Mathias Krause discovered an information leak in the Linux kernel's
getsockname implementation for Logical Link Layer (llc) sockets. A local
user could exploit this flaw to examine some of the kernel's stack memory=
=2E
(CVE-2012-6542)
Mathias Krause discovered information leaks in the Linux kernel's Bluetoo=
th
Logical Link Control and Adaptation Protocol (L2CAP) implementation. A
local user could exploit these flaws to examine some of the kernel's stac=
k
memory. (CVE-2012-6544)
Mathias Krause discovered information leaks in the Linux kernel's Bluetoo=
th
RFCOMM protocol implementation. A local user could exploit these flaws to=
examine parts of kernel memory. (CVE-2012-6545)
Mathias Krause discovered information leaks in the Linux kernel's
Asynchronous Transfer Mode (ATM) networking stack. A local user could
exploit these flaws to examine some parts of kernel memory. (CVE-2012-654=
6)
Mathias Krause discovered an information leak in the Linux kernel's UDF
file system implementation. A local user could exploit this flaw to exami=
ne
some of the kernel's heap memory. (CVE-2012-6548)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel=
's
Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash=
the system) or gain guest OS privilege. (CVE-2013-0228)
An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak fr=
om
the kernel. (CVE-2013-0349)
A flaw was discovered in the Edgeort USB serial converter driver when the=
device is disconnected while it is in use. A local user could exploit thi=
s
flaw to cause a denial of service (system crash). (CVE-2013-1774)
Andrew Honig discovered a flaw in guest OS time updates in the Linux
kernel's KVM (Kernel-based Virtual Machine). A privileged guest user coul=
d
exploit this flaw to cause a denial of service (crash host system) or
potential escalate privilege to the host kernel level. (CVE-2013-1796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-351-ec2 2.6.32-351.64
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1808-1
CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546,
CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774,
CVE-2013-1796
Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.64
--------------060808020701010802080500
Content-Type: text/plain; charset=UTF-8;
name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Attached Message Part"
--------------060808020701010802080500--
------------
