Home / mailingsPDF  

[USN-2108-1] Linux kernel (EC2) vulnerabilities

Posted on 19 February 2014
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2108-1
February 18, 2014

linux-ec2 vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the dat=
a
stored on the device. (CVE-2013-6383)

mpd reported an information leak in the recvfrom, recvmmsg, and recvmsg
system calls in the Linux kernel. An unprivileged local user could exploi=
t
this flaw to obtain sensitive information from kernel stack memory.
(CVE-2013-7263)

mpb reported an information leak in the Layer Two Tunneling Protocol (l2t=
p)
of the Linux kernel. A local user could exploit this flaw to obtain
sensitive information from kernel stack memory. (CVE-2013-7264)

mpb reported an information leak in the Phone Network protocol (phonet) i=
n
the Linux kernel. A local user could exploit this flaw to obtain sensitiv=
e
information from kernel stack memory. (CVE-2013-7265)

mpb reported an information leak in the Low-Rate Wireless Personal Area
Networks support (IEEE 802.15.4) in the Linux kernel. A local user could
exploit this flaw to obtain sensitive information from kernel stack memor=
y.
(CVE-2013-7281)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-361-ec2 2.6.32-361.74

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic=
,
linux-server, linux-powerpc), a standard system upgrade will automaticall=
y
perform this as well.

References:
http://www.ubuntu.com/usn/usn-2108-1
CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265,
CVE-2013-7281

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-361.74

 

TOP

Mailings :

Exploits :