==========================================================================
Ubuntu Security Notice USN-1798-1
April 09, 2013
linux-ec2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ec2: Linux kernel for EC2
Details:
Mathias Krause discovered several errors in the Linux kernel's xfrm_user
implementation. A local attacker could exploit these flaws to examine parts
of kernel memory. (CVE-2012-6537)
Mathias Krause discovered an information leak in the Linux kernel's compat
ioctl interface. A local user could exploit the flaw to examine parts of
kernel stack memory. (CVE-2012-6539)
Mathias Krause discovered an information leak in the Linux kernel's
getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw
to examine parts of kernel stack memory. (CVE-2012-6540)
Emese Revfy discovered that, in the Linux kernel, signal handlers could leak
address information across an exec, making it possible to bypass ASLR
(Address Space Layout Randomization). A local user could use this flaw to
bypass ASLR to reliably deliver an exploit payload that would otherwise be
stopped (by ASLR). (CVE-2013-0914)
A memory use after free error was discovered in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)
Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user
could exploit this flaw to cause a denial of service (system crash).
(CVE-2013-1792)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-351-ec2 2.6.32-351.63
After a standard system update you need to reboot your computer to make
all the necessary changes.
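One way to verify a host against the update instructions above (an added
example, not part of the Ubuntu notice): the script reports whether the fixed
package is installed and whether the running kernel is still the old one
because the reboot has not happened. The function names, the status strings
and the sample "old" version are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a host against the fixed version in USN-1798-1.
FIXED_PKG="linux-image-2.6.32-351-ec2"   # package name from the advisory
FIXED_VERSION="2.6.32-351.63"            # package version from the advisory
FIXED_RELEASE="2.6.32-351-ec2"           # uname -r of that kernel (from the package name)

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"      # real Debian ordering
    else
        # Fallback without dpkg: GNU sort -V, an approximation that is
        # adequate for plain numeric strings such as the ones used here.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# usn_1798_status INSTALLED_VERSION RUNNING_RELEASE
#   INSTALLED_VERSION: version of $FIXED_PKG, empty if it is not installed
#   RUNNING_RELEASE:   output of `uname -r`
usn_1798_status() {
    installed=$1
    running=$2
    if [ -z "$installed" ] || version_lt "$installed" "$FIXED_VERSION"; then
        echo "update-needed"     # fixed package missing or too old
    elif version_lt "$running" "$FIXED_RELEASE"; then
        echo "reboot-needed"     # fixed package on disk, old kernel in memory
    else
        echo "ok"
    fi
}

# usn_1798_live: gather the two inputs from the local system (Ubuntu host).
usn_1798_live() {
    installed=$(dpkg-query -W -f='${Version}' "$FIXED_PKG" 2>/dev/null)
    usn_1798_status "$installed" "$(uname -r)"
}

# Constructed sample: a host still on an older build (version is made up).
echo "sample host: $(usn_1798_status "2.6.32-350.62" "2.6.32-350-ec2")"
```

On an affected Ubuntu 10.04 LTS EC2 instance, call usn_1798_live instead of
the constructed sample.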
References:
http://www.ubuntu.com/usn/usn-1798-1
CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2013-0914,
CVE-2013-1767, CVE-2013-1792
Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.63