USN-1539-1: Linux kernel (Oneiric backport) vulnerabilities
Publication date
14 August 2012
Overview
Several security issues were fixed in the kernel.
Releases
Packages
- linux-lts-backport-oneiric - Linux kernel backport from Oneiric
Details
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potential gain administrative
privileges. (CVE-2012-2136)
Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)
An error was discovered in the Linux kernel's memory subsystem (hugetlb).
An unprivileged local user could exploit this flaw to cause a denial of
service (crash the system). (CVE-2012-2390)
A flaw was discovered in the Linux kernel's epoll system call....
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potential gain administrative
privileges. (CVE-2012-2136)
Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)
An error was discovered in the Linux kernel's memory subsystem (hugetlb).
An unprivileged local user could exploit this flaw to cause a denial of
service (crash the system). (CVE-2012-2390)
A flaw was discovered in the Linux kernel's epoll system call. An
unprivileged local user could use this flaw to crash the system.
(CVE-2012-3375)
Some errors where discovered in the Linux kernel's UDF file system, which
is used to mount some CD-ROMs and DVDs. An unprivileged local user could
use these flaws to crash the system. (CVE-2012-3400)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 10.04 lucid | linux-image-3.0.0-24-server – 3.0.0-24.40~lucid1 | ||
| linux-image-3.0.0-24-generic – 3.0.0-24.40~lucid1 | |||
| linux-image-3.0.0-24-virtual – 3.0.0-24.40~lucid1 | |||
| linux-image-3.0.0-24-generic-pae – 3.0.0-24.40~lucid1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
Related notices
- USN-1598-1
- USN-1577-1
- USN-1574-1
- USN-1573-1
- USN-1572-1
- USN-1567-1
- USN-1562-1
- USN-1557-1
- USN-1556-1
- USN-1555-1
- USN-1598-1
- USN-1577-1
- USN-1574-1
- USN-1573-1
- USN-1572-1
- USN-1567-1
- USN-1562-1
- USN-1557-1
- USN-1556-1
- USN-1555-1
- USN-1538-1
- USN-1535-1
- USN-1534-1
- USN-1533-1
- USN-1532-1
- USN-1531-1
- USN-1530-1
- USN-1529-1
- USN-1515-1
- USN-1514-1
- USN-1508-1
Have additional questions?