Home / mailings [USN-2107-1] Linux kernel vulnerabilities
Posted on 19 February 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2107-1
February 18, 2014
linux vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)
mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg
system calls in the Linux kernel. An unprivileged local user could exploi=
t
this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7263)
mpb reported an information leak in the Layer Two Tunneling Protocol (l2t=
p)
of the Linux kernel. A local user could exploit this flaw to obtain
sensitive information from kernel stack memory. (CVE-2013-7264)
mpb reported an information leak in the Phone Network protocol (phonet) i=
n
the Linux kernel. A local user could exploit this flaw to obtain sensitiv=
e
information from kernel stack memory. (CVE-2013-7265)
mpb reported an information leak in the Low-Rate Wireless Personal Area
Networks support (IEEE 802.15.4) in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information from kernel stack memor=
y.
(CVE-2013-7281)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-56-386 2.6.32-56.118
linux-image-2.6.32-56-generic 2.6.32-56.118
linux-image-2.6.32-56-generic-pae 2.6.32-56.118
linux-image-2.6.32-56-ia64 2.6.32-56.118
linux-image-2.6.32-56-lpia 2.6.32-56.118
linux-image-2.6.32-56-powerpc 2.6.32-56.118
linux-image-2.6.32-56-powerpc-smp 2.6.32-56.118
linux-image-2.6.32-56-powerpc64-smp 2.6.32-56.118
linux-image-2.6.32-56-preempt 2.6.32-56.118
linux-image-2.6.32-56-server 2.6.32-56.118
linux-image-2.6.32-56-sparc64 2.6.32-56.118
linux-image-2.6.32-56-sparc64-smp 2.6.32-56.118
linux-image-2.6.32-56-versatile 2.6.32-56.118
linux-image-2.6.32-56-virtual 2.6.32-56.118
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.
References:
http://www.ubuntu.com/usn/usn-2107-1
CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265,
CVE-2013-7281
Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-56.118
