Home / mailings [USN-2071-1] Linux kernel vulnerabilities
Posted on 03 January 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2071-1
January 03, 2014
linux vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per eve=
nt
subsystem that allows normal users to enable function tracing. An
unprivileged local user could exploit this flaw to obtain potentially
sensitive information from the kernel. (CVE-2013-2930)
Stephan Mueller reported an error in the Linux kernel's ansi cprng random=
number generator. This flaw makes it easier for a local attacker to break=
cryptographic protections. (CVE-2013-4345)
Multiple integer overflow flaws were discovered in the Alchemy LCD frame-=
buffer drivers in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges. (CVE-2013-4511)
Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo
Devices USB over WiFi devices. A local user could exploit this flaw to
cause a denial of service or possibly unspecified impact. (CVE-2013-4513)=
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user with t=
he
CAP_NET_ADMIN capability could exploit this flaw to cause a denial of
service or possibly gain adminstrative priviliges. (CVE-2013-4514)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local user=
could exploit this flaw to obtain sensitive information from kernel memor=
y.
(CVE-2013-4515)
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)
Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) drive=
r.
A local user could exploit this flaw to cause a denial of service (memory=
corruption) or possibly gain privileges. (CVE-2013-6763)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap heade=
r
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
linux-image-3.5.0-45-generic 3.5.0-45.68
linux-image-3.5.0-45-highbank 3.5.0-45.68
linux-image-3.5.0-45-omap 3.5.0-45.68
linux-image-3.5.0-45-powerpc-smp 3.5.0-45.68
linux-image-3.5.0-45-powerpc64-smp 3.5.0-45.68
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2071-1
CVE-2013-2930, CVE-2013-4345, CVE-2013-4511, CVE-2013-4513,
CVE-2013-4514, CVE-2013-4515, CVE-2013-6383, CVE-2013-6763,
CVE-2013-7027
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.5.0-45.68
