-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJReOG9AAoJEAUvNnAY1cPYh6IP/jzkeRvmqarbUbpvRNbAnRK6
LY1NmgF7E6Gy0GdrunWnYNbHG94mDw6lEEtJXUSn6EFizJx0hiHU7T09rPPGth7E
zGaqpVLnmwLmSSsMZZ27M3vCraS6YBzHF8J4U5xkKNxJ+DKLWgcrEUFlFlOSfQhH
4RP8nccnmMRN+9uKeWS7NRsBjYjvCpO6nht7hfQzTMiNUOxu/NZ+RskpZbxZeF+z
8smNpkaN9Qg4l7ybzuebc0aNdfhC5ZwmzG1/ANspoJxyMnVOxJRgo+z8u6TSrOCN
LaXfSTxZgY0hHeObB+XJgNUhxVhMuqmt1sE1iwV1Axw34tkxoTbTLWqju6tP055J
flmhi3GDYvlKKBYwh4uI6r2O42bWZXxx/U763x30b36PDdsW11wdEddN8vBBfhsz
u+rHa0JKvSxCyoZVAvM+YpNZIdSfl4hsnNudMw4T6Td7ZnaQn7Ld2uclgS5OBjl0
xI44QLanmWpVbzSvBW5rokdrbFncC667ZF82i/TfhY9zzTvaRC1kIC14IiQ8UqC1
Ps+PjfGpeozpVDo446o9Xhh0l2Kv2bxGdwS/nbdS/9hgNOHu+4gHi0sl+JOHAr2p
Rlh/W7iX70yw00bPsrxsewvem9eh9eiAVGL9R4fVPK6Fom1N8IaNwbflm6wz8Mnl
w9hMKMUkczwmujhEm0wU
=275x
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1808-1
April 25, 2013
linux-ec2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ec2: Linux kernel for EC2
Details:
Mathias Krause discovered an information leak in the Linux kernel's
getsockname implementation for Logical Link Layer (llc) sockets. A local
user could exploit this flaw to examine some of the kernel's stack memory.
(CVE-2012-6542)
Mathias Krause discovered information leaks in the Linux kernel's Bluetooth
Logical Link Control and Adaptation Protocol (L2CAP) implementation. A
local user could exploit these flaws to examine some of the kernel's stack
memory. (CVE-2012-6544)
Mathias Krause discovered information leaks in the Linux kernel's Bluetooth
RFCOMM protocol implementation. A local user could exploit these flaws to
examine parts of kernel memory. (CVE-2012-6545)
Mathias Krause discovered information leaks in the Linux kernel's
Asynchronous Transfer Mode (ATM) networking stack. A local user could
exploit these flaws to examine some parts of kernel memory. (CVE-2012-6546)
Mathias Krause discovered an information leak in the Linux kernel's UDF
file system implementation. A local user could exploit this flaw to examine
some of the kernel's heap memory. (CVE-2012-6548)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)
An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak from
the kernel. (CVE-2013-0349)
A flaw was discovered in the Edgeort USB serial converter driver when the
device is disconnected while it is in use. A local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2013-1774)
Andrew Honig discovered a flaw in guest OS time updates in the Linux
kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could
exploit this flaw to cause a denial of service (crash host system) or
potential escalate privilege to the host kernel level. (CVE-2013-1796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-351-ec2 2.6.32-351.64
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1808-1
CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546,
CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774,
CVE-2013-1796
Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.64
No comments:
Post a Comment