Home / mailings [USN-2066-1] Linux kernel vulnerabilities
Posted on 03 January 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2066-1
January 03, 2014
linux vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
A flaw was discovered in the Linux kernel's dm snapshot facility. A remot=
e
authenticated user could exploit this flaw to obtain sensitive informatio=
n
or modify/corrupt data. (CVE-2013-4299)
Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
Fragmentation Offload (UFO). An unprivileged local user could exploit thi=
s
flaw to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2013-4470)
Multiple integer overflow flaws were discovered in the Alchemy LCD frame-=
buffer drivers in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges. (CVE-2013-4511)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user with t=
he
CAP_NET_ADMIN capability could exploit this flaw to cause a denial of
service or possibly gain adminstrative priviliges. (CVE-2013-4514)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local user=
could exploit this flaw to obtain sensitive information from kernel memor=
y.
(CVE-2013-4515)
A flaw in the handling of memory regions of the kernel virtual machine
(KVM) subsystem was discovered. A local user with the ability to assign a=
device could exploit this flaw to cause a denial of service (memory
consumption). (CVE-2013-4592)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
debugfs filesystem. An administrative local user could exploit this flaw =
to
cause a denial of service (OOPS). (CVE-2013-6378)
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)
Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) drive=
r.
A local user could exploit this flaw to cause a denial of service (memory=
corruption) or possibly gain privileges. (CVE-2013-6763)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap heade=
r
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-58-generic 3.2.0-58.88
linux-image-3.2.0-58-generic-pae 3.2.0-58.88
linux-image-3.2.0-58-highbank 3.2.0-58.88
linux-image-3.2.0-58-omap 3.2.0-58.88
linux-image-3.2.0-58-powerpc-smp 3.2.0-58.88
linux-image-3.2.0-58-powerpc64-smp 3.2.0-58.88
linux-image-3.2.0-58-virtual 3.2.0-58.88
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2066-1
CVE-2013-4299, CVE-2013-4470, CVE-2013-4511, CVE-2013-4514,
CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6383,
CVE-2013-6763, CVE-2013-7027
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-58.88
