USN-1594-1: Linux kernel (Oneiric backport) vulnerabilities
Publication date
3 October 2012
Overview
Several security issues were fixed in the kernel.
Releases
Packages
- linux-lts-backport-oneiric - Linux kernel backport from Oneiric
Details
Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference
leak when PID namespaces are used. A remote attacker could exploit this
flaw causing a denial of service. (CVE-2012-2127)
A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual
Machine) subsystem handled MSI (Message Signaled Interrupts). A local
unprivileged user could exploit this flaw to cause a denial of service or
potentially elevate privileges. (CVE-2012-2137)
Mathias Krause discover an error in Linux kernel's Datagram Congestion
Control Protocol (DCCP) Congestion Control Identifier (CCID) use. A local
attack could exploit this flaw to cause a denial of service (crash) and
potentially escalate privileges if the user can mmap page 0.
(CVE-2013-1827)
Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference
leak when PID namespaces are used. A remote attacker could exploit this
flaw causing a denial of service. (CVE-2012-2127)
A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual
Machine) subsystem handled MSI (Message Signaled Interrupts). A local
unprivileged user could exploit this flaw to cause a denial of service or
potentially elevate privileges. (CVE-2012-2137)
Mathias Krause discover an error in Linux kernel's Datagram Congestion
Control Protocol (DCCP) Congestion Control Identifier (CCID) use. A local
attack could exploit this flaw to cause a denial of service (crash) and
potentially escalate privileges if the user can mmap page 0.
(CVE-2013-1827)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 10.04 lucid | linux-image-3.0.0-26-server – 3.0.0-26.43~lucid1 | ||
| linux-image-3.0.0-26-generic – 3.0.0-26.43~lucid1 | |||
| linux-image-3.0.0-26-virtual – 3.0.0-26.43~lucid1 | |||
| linux-image-3.0.0-26-generic-pae – 3.0.0-26.43~lucid1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.