Ubuntu alert USN-1236-1 (linux)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-1236-1] Linux kernel vulnerabilities | |
| Date: | Thu, 20 Oct 2011 16:41:06 -0400 | |
| Message-ID: | <1319143266.22929.21.camel@mdlinux> |
========================================================================== Ubuntu Security Notice USN-1236-1 October 20, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 8.04 LTS Summary: Multiple kernel flaws have been fixed. Software Description: - linux: Linux kernel Details: It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. (CVE-2009-4067) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 8.04 LTS: linux-image-2.6.24-29-386 2.6.24-29.95 linux-image-2.6.24-29-generic 2.6.24-29.95 linux-image-2.6.24-29-hppa32 2.6.24-29.95 linux-image-2.6.24-29-hppa64 2.6.24-29.95 linux-image-2.6.24-29-itanium 2.6.24-29.95 linux-image-2.6.24-29-lpia 2.6.24-29.95 linux-image-2.6.24-29-lpiacompat 2.6.24-29.95 linux-image-2.6.24-29-mckinley 2.6.24-29.95 linux-image-2.6.24-29-openvz 2.6.24-29.95 linux-image-2.6.24-29-powerpc 2.6.24-29.95 linux-image-2.6.24-29-powerpc-smp 2.6.24-29.95 linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.95 linux-image-2.6.24-29-rt 2.6.24-29.95 linux-image-2.6.24-29-server 2.6.24-29.95 linux-image-2.6.24-29-sparc64 2.6.24-29.95 linux-image-2.6.24-29-sparc64-smp 2.6.24-29.95 linux-image-2.6.24-29-virtual 2.6.24-29.95 linux-image-2.6.24-29-xen 2.6.24-29.95 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1236-1 CVE-2009-4067, CVE-2011-1573, CVE-2011-2494, CVE-2011-2495, CVE-2011-3188 Package Information: https://launchpad.net/ubuntu/+source/linux/2.6.24-29.95 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...