[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110308235329.GL1681@outflux.net>
Date: Tue, 8 Mar 2011 15:53:29 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-1086-1] Linux kernel (EC2) vulnerabilities
===========================================================
Ubuntu Security Notice USN-1086-1 March 08, 2011
linux-ec2 vulnerabilities
CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163,
CVE-2010-4175
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-314-ec2 2.6.32-314.27
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to
read portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that the SCSI subsystem did not correctly
validate iov segments. A local attacker with access to a SCSI device
could send specially crafted requests to crash the system, leading to
a denial of service. (CVE-2010-4163)
Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-4175)
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-314.27.diff.gz
Size/MD5: 9075603 3b5ed62eef9ba6d5e63ca59a308035c8
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32-314.27.dsc
Size/MD5: 2104 71e44d7e3a2422e18abc0039f50f5002
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2_2.6.32.orig.tar.gz
Size/MD5: 81900940 4b1f6f6fac43a23e783079db589fc7e2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-doc_2.6.32-314.27_all.deb
Size/MD5: 6434392 09281aaccdce3fe2c4d70a0913ec5e49
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-ec2-source-2.6.32_2.6.32-314.27_all.deb
Size/MD5: 68171196 7048f33fb28bc4a5f7634b12499b492d
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314_2.6.32-314.27_all.deb
Size/MD5: 10046624 a385860922eb209c56960edbd4874134
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314-ec2_2.6.32-314.27_amd64.deb
Size/MD5: 693912 7528587b27dbfe734761131cb0efb493
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-314-ec2_2.6.32-314.27_amd64.deb
Size/MD5: 20035640 bcc35c559c339452498c0b90a5e240bc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-headers-2.6.32-314-ec2_2.6.32-314.27_i386.deb
Size/MD5: 659440 a75036c9ba32e477f202074a0b02f606
http://security.ubuntu.com/ubuntu/pool/main/l/linux-ec2/linux-image-2.6.32-314-ec2_2.6.32-314.27_i386.deb
Size/MD5: 19234330 cd15dca40624901035313331878edf98
Download attachment "signature.asc" of type "application/pgp-signature" (875 bytes)
Powered by blists - more mailing lists