-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRGoh6AAoJEAUvNnAY1cPYMM4P+QGN9FaQNIvyPLxKhGvXdbp/
CrE9iZafpnROtIV6ysc3fVKD5m9Dx0DmrvuQ3QU6oFRTbC1fMQFJ1El6Vb7H88cx
unywDFGFYoLIrLM9NvuC6wyd2QNMp1jesWBy580cI5a1sv8I4Kh3cozikeqm/wdm
bBdR9Mzao89kUn6tWw93OVkSk4n7o2Hlwq5EhplMRHbQ7PmIwQodn95j8neb4lcN
2W/JRRrFTYmqr01BF00B7EQKxpk7TYaRy01DEMVmY8uCdPYKYMwBU3I652H4qGX6
+T2U9iK8d7EqGSIEl3R7ZjLzjEPL6zUVEwMTOZGgfme4MCktqg3mJvd2s6xn1EAM
59DFKI5HTmEIWxcmkcEnw3tjFvdGnNmc8VAVIsVqWXM9bmt2zHtCFPWJtqVAnCMq
Duq9NczUVayjNPgfgGKGVEvycvp6PB5lNeePMhKogZyqfDU4Thg+D09E3bHQxeaL
4H+WiOsRYbZYgYmNUXP8h7O/qvL9OJPoOfwXKNZe1Vt+8uQ/OLVvafeFVEuIwHIF
3V0ZjiWu2RrdSvvlrwQZSFXUHb6au7sucFhfCw/OoA36AWnAHeS5jbzDSuH39AKr
6MZRJkctZWmzYFqXW0aZIH53/P2tjRJy4+WhfBzPB5SsuIP1+NNA2tXrGFE4gMC9
ukjeJhJ+VKTqF/4TDatf
=tj14
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1719-1
February 12, 2013
linux-lts-backport-oneiric vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric
Details:
It was discovered that hypervkvpd, which is distributed in the Linux
kernel, was not correctly validating the origin on Netlink messages. An
untrusted local user can cause a denial of service of Linux guests in
Hyper-V virtualization environments. (CVE-2012-2669)
Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem
that can expose stale data. An unprivileged user could exploit this flaw to
cause an information leak. (CVE-2012-4508)
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-3.0.0-31-generic 3.0.0-31.48~lucid1
linux-image-3.0.0-31-generic-pae 3.0.0-31.48~lucid1
linux-image-3.0.0-31-server 3.0.0-31.48~lucid1
linux-image-3.0.0-31-virtual 3.0.0-31.48~lucid1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1719-1
CVE-2012-2669, CVE-2012-4508, CVE-2013-0190
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-31.48~lucid1
No comments:
Post a Comment