1. Ubuntu Security Notices
  2. USN-1337-1

USN-1337-1: Linux kernel (Natty backport) vulnerabilities

Publication date

23 January 2012

Overview

Several security issues were fixed in the kernel.

Releases

Packages

Details

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
10.04 lucid linux-image-2.6.38-13-virtual –  2.6.38-13.54~lucid1
linux-image-2.6.38-13-server –  2.6.38-13.54~lucid1
linux-image-2.6.38-13-generic-pae –  2.6.38-13.54~lucid1
linux-image-2.6.38-13-generic –  2.6.38-13.54~lucid1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›