Home / mailings [USN-2073-1] Linux kernel vulnerabilities
Posted on 03 January 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2073-1
January 03, 2014
linux vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
Fragmentation Offload (UFO). An unprivileged local user could exploit thi=
s
flaw to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2013-4470)
Multiple integer overflow flaws were discovered in the Alchemy LCD frame-=
buffer drivers in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges. (CVE-2013-4511)
Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo
Devices USB over WiFi devices. A local user could exploit this flaw to
cause a denial of service or possibly unspecified impact. (CVE-2013-4513)=
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user with t=
he
CAP_NET_ADMIN capability could exploit this flaw to cause a denial of
service or possibly gain adminstrative priviliges. (CVE-2013-4514)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local user=
could exploit this flaw to obtain sensitive information from kernel memor=
y.
(CVE-2013-4515)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for the SystemBase Multi-2/PCI serial card. An unprivileged user
could obtain sensitive information from kernel memory. (CVE-2013-4516)
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)
Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) drive=
r.
A local user could exploit this flaw to cause a denial of service (memory=
corruption) or possibly gain privileges. (CVE-2013-6763)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap heade=
r
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
linux-image-3.8.0-35-generic 3.8.0-35.50
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2073-1
CVE-2013-4470, CVE-2013-4511, CVE-2013-4513, CVE-2013-4514,
CVE-2013-4515, CVE-2013-4516, CVE-2013-6383, CVE-2013-6763,
CVE-2013-7027
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.8.0-35.50
