Home / mailings [USN-2075-1] Linux kernel vulnerabilities
Posted on 03 January 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2075-1
January 03, 2014
linux vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Vasily Kulikov reported a flaw in the Linux kernel's implementation of
ptrace. An unprivileged local user could exploit this flaw to obtain
sensitive information from kernel memory. (CVE-2013-2929)
Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per eve=
nt
subsystem that allows normal users to enable function tracing. An
unprivileged local user could exploit this flaw to obtain potentially
sensitive information from the kernel. (CVE-2013-2930)
Stephan Mueller reported an error in the Linux kernel's ansi cprng random=
number generator. This flaw makes it easier for a local attacker to break=
cryptographic protections. (CVE-2013-4345)
Jason Wang discovered a bug in the network flow dissector in the Linux
kernel. A remote attacker could exploit this flaw to cause a denial of
service (infinite loop). (CVE-2013-4348)
Multiple integer overflow flaws were discovered in the Alchemy LCD frame-=
buffer drivers in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges. (CVE-2013-4511)
Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo
Devices USB over WiFi devices. A local user could exploit this flaw to
cause a denial of service or possibly unspecified impact. (CVE-2013-4513)=
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user with t=
he
CAP_NET_ADMIN capability could exploit this flaw to cause a denial of
service or possibly gain adminstrative priviliges. (CVE-2013-4514)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local user=
could exploit this flaw to obtain sensitive information from kernel memor=
y.
(CVE-2013-4515)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for the SystemBase Multi-2/PCI serial card. An unprivileged user
could obtain sensitive information from kernel memory. (CVE-2013-4516)
Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
debugfs filesystem. An administrative local user could exploit this flaw =
to
cause a denial of service (OOPS). (CVE-2013-6378)
Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec=
AACRAID scsi raid devices in the Linux kernel. A local user could use thi=
s
flaw to cause a denial of service or possibly other unspecified impact.
(CVE-2013-6380)
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)
Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) drive=
r.
A local user could exploit this flaw to cause a denial of service (memory=
corruption) or possibly gain privileges. (CVE-2013-6763)
A race condition flaw was discovered in the Linux kernel's ipc shared
memory implimentation. A local user could exploit this flaw to cause a
denial of service (system crash) or possibly have unspecied other impacts=
=2E
(CVE-2013-7026)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
linux-image-3.11.0-15-generic 3.11.0-15.23
linux-image-3.11.0-15-generic-lpae 3.11.0-15.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2075-1
CVE-2013-2929, CVE-2013-2930, CVE-2013-4345, CVE-2013-4348,
CVE-2013-4511, CVE-2013-4513, CVE-2013-4514, CVE-2013-4515,
CVE-2013-4516, CVE-2013-6378, CVE-2013-6380, CVE-2013-6383,
CVE-2013-6763, CVE-2013-7026
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.11.0-15.23
