SecurityHome.eu [USN-2070-1] Linux kernel (Saucy HWE) vulnerabilities

Home / mailings PDF

[USN-2070-1] Linux kernel (Saucy HWE) vulnerabilities
Posted on 03 January 2014
Ubuntu Security
==========================
==========================
========================
Ubuntu Security Notice USN-2070-1
January 03, 2014

linux-lts-saucy vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-saucy: Linux hardware enablement kernel from Saucy

Details:

Vasily Kulikov reported a flaw in the Linux kernel's implementation of
ptrace. An unprivileged local user could exploit this flaw to obtain
sensitive information from kernel memory. (CVE-2013-2929)

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per eve=
nt
subsystem that allows normal users to enable function tracing. An
unprivileged local user could exploit this flaw to obtain potentially
sensitive information from the kernel. (CVE-2013-2930)

Stephan Mueller reported an error in the Linux kernel's ansi cprng random=

number generator. This flaw makes it easier for a local attacker to break=

cryptographic protections. (CVE-2013-4345)

Jason Wang discovered a bug in the network flow dissector in the Linux
kernel. A remote attacker could exploit this flaw to cause a denial of
service (infinite loop). (CVE-2013-4348)

Multiple integer overflow flaws were discovered in the Alchemy LCD frame-=

buffer drivers in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges. (CVE-2013-4511)

Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo
Devices USB over WiFi devices. A local user could exploit this flaw to
cause a denial of service or possibly unspecified impact. (CVE-2013-4513)=

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user with t=
he
CAP_NET_ADMIN capability could exploit this flaw to cause a denial of
service or possibly gain adminstrative priviliges. (CVE-2013-4514)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local user=

could exploit this flaw to obtain sensitive information from kernel memor=
y.
(CVE-2013-4515)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for the SystemBase Multi-2/PCI serial card. An unprivileged user
could obtain sensitive information from kernel memory. (CVE-2013-4516)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
debugfs filesystem. An administrative local user could exploit this flaw =
to
cause a denial of service (OOPS). (CVE-2013-6378)

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec=

AACRAID scsi raid devices in the Linux kernel. A local user could use thi=
s
flaw to cause a denial of service or possibly other unspecified impact.
(CVE-2013-6380)

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)

Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) drive=
r.
A local user could exploit this flaw to cause a denial of service (memory=

corruption) or possibly gain privileges. (CVE-2013-6763)

A race condition flaw was discovered in the Linux kernel's ipc shared
memory implimentation. A local user could exploit this flaw to cause a
denial of service (system crash) or possibly have unspecied other impacts=
=2E
(CVE-2013-7026)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.11.0-15-generic 3.11.0-15.23~precise1
linux-image-3.11.0-15-generic-lpae 3.11.0-15.23~precise1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2070-1
CVE-2013-2929, CVE-2013-2930, CVE-2013-4345, CVE-2013-4348,
CVE-2013-4511, CVE-2013-4513, CVE-2013-4514, CVE-2013-4515,
CVE-2013-4516, CVE-2013-6378, CVE-2013-6380, CVE-2013-6383,
CVE-2013-6763, CVE-2013-7026

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-15.23~preci=
se1

TOP

Mailings :

Last 20

Exploits :

Last 20