1. Ubuntu Security Notices
  2. USN-1133-1

USN-1133-1: Linux kernel vulnerabilities

Publication date

24 May 2011

Overview

Multiple flaws in the Linux kernel.

Releases

Packages

Details

Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)

Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)

Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial...

Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)

Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)

Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
8.04 hardy linux-image-2.6.24-29-sparc64 –  2.6.24-29.89
linux-image-2.6.24-29-rt –  2.6.24-29.89
linux-image-2.6.24-29-386 –  2.6.24-29.89
linux-image-2.6.24-29-itanium –  2.6.24-29.89
linux-image-2.6.24-29-hppa32 –  2.6.24-29.89
linux-image-2.6.24-29-openvz –  2.6.24-29.89
linux-image-2.6.24-29-generic –  2.6.24-29.89
linux-image-2.6.24-29-xen –  2.6.24-29.89
linux-image-2.6.24-29-powerpc –  2.6.24-29.89
linux-image-2.6.24-29-powerpc-smp –  2.6.24-29.89
linux-image-2.6.24-29-hppa64 –  2.6.24-29.89
linux-image-2.6.24-29-server –  2.6.24-29.89
linux-image-2.6.24-29-powerpc64-smp –  2.6.24-29.89
linux-image-2.6.24-29-lpia –  2.6.24-29.89
linux-image-2.6.24-29-virtual –  2.6.24-29.89
linux-image-2.6.24-29-mckinley –  2.6.24-29.89
linux-image-2.6.24-29-sparc64-smp –  2.6.24-29.89
linux-image-2.6.24-29-lpiacompat –  2.6.24-29.89

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›