USN-1205-1: Linux kernel (Maverick backport) vulnerabilities
Publication date
13 September 2011
Overview
Multiple kernel flaws have been fixed.
Releases
Packages
- linux-lts-backport-maverick - Linux kernel backport from Maverick
Details
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1770)
Vasiliy Kulikov discovered that taskstats listeners were not...
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1770)
Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)
It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
A flaw was found in the Linux kernel's /proc//map* interface. A local,
unprivileged user could exploit this flaw to cause a denial of service.
(CVE-2011-3637)
Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer.
A local user or a remote user on an X.25 network could exploit these flaws
to execute arbitrary code as root. (CVE-2011-4914)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 10.04 lucid | linux-image-2.6.35-30-generic-pae – 2.6.35-30.59~lucid1 | ||
| linux-image-2.6.35-30-server – 2.6.35-30.59~lucid1 | |||
| linux-image-2.6.35-30-generic – 2.6.35-30.59~lucid1 | |||
| linux-image-2.6.35-30-virtual – 2.6.35-30.59~lucid1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
Related notices
- USN-1256-1
- USN-1218-1
- USN-1216-1
- USN-1212-1
- USN-1211-1
- USN-1208-1
- USN-1204-1
- USN-1203-1
- USN-1202-1
- USN-1201-1
- USN-1256-1
- USN-1218-1
- USN-1216-1
- USN-1212-1
- USN-1211-1
- USN-1208-1
- USN-1204-1
- USN-1203-1
- USN-1202-1
- USN-1201-1
- USN-1193-1
- USN-1189-1
- USN-1186-1
- USN-1168-1
- USN-1167-1
- USN-1162-1
- USN-1161-1
- USN-1159-1