Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-1211-1: Linux kernel vulnerabilities

21 September 2011

Multiple kernel flaws have been fixed.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

Details

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. A local attacker could exploit
this to trick the system into unmounting arbitrary mount points, leading to
a denial of service. (CVE-2011-1833)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

It was discovered that GFS2 did not correctly check block sizes. A local
attacker could exploit this to crash the system, leading to a denial of
service. (CVE-2011-2689)

Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. A remote attacker could exploit this to exhaust
network resources, leading to a denial of service. (CVE-2011-2699)

The performance counter subsystem did not correctly handle certain
counters. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2011-2918)

A flaw was found in the Linux kernel's /proc//map* interface. A local,
unprivileged user could exploit this flaw to cause a denial of service.
(CVE-2011-3637)

Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer.
A local user or a remote user on an X.25 network could exploit these flaws
to execute arbitrary code as root. (CVE-2011-4914)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

Related notices

  • USN-1205-1: linux-image-2.6.35-30-generic, linux-image-2.6.35-30-server, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic-pae, linux-lts-backport-maverick
  • USN-1189-1: linux-image-2.6.24-29-rt, linux-image-2.6.24-29-powerpc, linux-image-2.6.24-29-386, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-server, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-lpiacompat, linux, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-powerpc64-smp
  • USN-1202-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1203-1: linux-image-2.6.32-218-dove, linux-mvl-dove
  • USN-1218-1: linux-image-2.6.32-34-server, linux, linux-image-2.6.32-34-versatile, linux-image-2.6.32-34-virtual, linux-image-2.6.32-34-powerpc-smp, linux-image-2.6.32-34-powerpc, linux-image-2.6.32-34-powerpc64-smp, linux-image-2.6.32-34-generic-pae, linux-image-2.6.32-34-386, linux-image-2.6.32-34-sparc64, linux-image-2.6.32-34-generic, linux-image-2.6.32-34-preempt, linux-image-2.6.32-34-ia64, linux-image-2.6.32-34-sparc64-smp, linux-image-2.6.32-34-lpia
  • USN-1204-1: linux-fsl-imx51, linux-image-2.6.31-610-imx51
  • USN-1208-1: linux-mvl-dove, linux-image-2.6.32-418-dove
  • USN-1256-1: linux-image-2.6.38-12-generic-pae, linux-image-2.6.38-12-generic, linux-image-2.6.38-12-virtual, linux-image-2.6.38-12-server, linux-lts-backport-natty
  • USN-1201-1: linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc, linux-image-2.6.35-30-server, linux, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-powerpc-smp, linux-image-2.6.35-30-powerpc64-smp
  • USN-1212-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1216-1: linux-ec2, linux-image-2.6.32-318-ec2
  • USN-1219-1: linux-image-2.6.35-30-generic, linux-image-2.6.35-30-server, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic-pae, linux-lts-backport-maverick
  • USN-1253-1: linux-image-2.6.32-35-preempt, linux-image-2.6.32-35-sparc64-smp, linux, linux-image-2.6.32-35-powerpc, linux-image-2.6.32-35-powerpc64-smp, linux-image-2.6.32-35-generic, linux-image-2.6.32-35-ia64, linux-image-2.6.32-35-server, linux-image-2.6.32-35-sparc64, linux-image-2.6.32-35-virtual, linux-image-2.6.32-35-versatile, linux-image-2.6.32-35-lpia, linux-image-2.6.32-35-generic-pae, linux-image-2.6.32-35-powerpc-smp, linux-image-2.6.32-35-386
  • USN-1239-1: linux-ec2, linux-image-2.6.32-319-ec2
  • USN-1188-1: ecryptfs-utils
  • USN-1227-1: linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc, linux-image-2.6.35-30-server, linux, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-powerpc-smp, linux-image-2.6.35-30-powerpc64-smp
  • USN-1240-1: linux-image-2.6.32-219-dove, linux-mvl-dove
  • USN-1245-1: linux-mvl-dove, linux-image-2.6.32-419-dove
  • USN-1225-1: linux-image-2.6.24-29-rt, linux-image-2.6.24-29-powerpc, linux-image-2.6.24-29-386, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-server, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-lpiacompat, linux, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-powerpc64-smp