USN-1236-1: Linux kernel vulnerabilities
20 October 2011
Multiple kernel flaws have been fixed.
Releases
Packages
- linux - Linux kernel
Details
It was discovered that the Auerswald usb driver incorrectly handled lengths
of the USB string descriptors. A local attacker with physical access could
insert a specially crafted USB device and gain root privileges.
(CVE-2009-4067)
It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)
Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)
Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
-
linux-image-2.6.24-29-sparc64
-
2.6.24-29.95
-
linux-image-2.6.24-29-rt
-
2.6.24-29.95
-
linux-image-2.6.24-29-386
-
2.6.24-29.95
-
linux-image-2.6.24-29-itanium
-
2.6.24-29.95
-
linux-image-2.6.24-29-hppa32
-
2.6.24-29.95
-
linux-image-2.6.24-29-openvz
-
2.6.24-29.95
-
linux-image-2.6.24-29-generic
-
2.6.24-29.95
-
linux-image-2.6.24-29-xen
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-hppa64
-
2.6.24-29.95
-
linux-image-2.6.24-29-server
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc64-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-lpia
-
2.6.24-29.95
-
linux-image-2.6.24-29-virtual
-
2.6.24-29.95
-
linux-image-2.6.24-29-mckinley
-
2.6.24-29.95
-
linux-image-2.6.24-29-sparc64-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-lpiacompat
-
2.6.24-29.95
After a standard system update you need to reboot your computer to make
all the necessary changes.