USN-1236-1: Linux kernel vulnerabilities
20 October 2011
Multiple kernel flaws have been fixed.
Releases
Packages
- linux - Linux kernel
Details
It was discovered that the Auerswald usb driver incorrectly handled lengths
of the USB string descriptors. A local attacker with physical access could
insert a specially crafted USB device and gain root privileges.
(CVE-2009-4067)
It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)
Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)
Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
-
linux-image-2.6.24-29-sparc64
-
2.6.24-29.95
-
linux-image-2.6.24-29-rt
-
2.6.24-29.95
-
linux-image-2.6.24-29-386
-
2.6.24-29.95
-
linux-image-2.6.24-29-itanium
-
2.6.24-29.95
-
linux-image-2.6.24-29-hppa32
-
2.6.24-29.95
-
linux-image-2.6.24-29-openvz
-
2.6.24-29.95
-
linux-image-2.6.24-29-generic
-
2.6.24-29.95
-
linux-image-2.6.24-29-xen
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-hppa64
-
2.6.24-29.95
-
linux-image-2.6.24-29-server
-
2.6.24-29.95
-
linux-image-2.6.24-29-powerpc64-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-lpia
-
2.6.24-29.95
-
linux-image-2.6.24-29-virtual
-
2.6.24-29.95
-
linux-image-2.6.24-29-mckinley
-
2.6.24-29.95
-
linux-image-2.6.24-29-sparc64-smp
-
2.6.24-29.95
-
linux-image-2.6.24-29-lpiacompat
-
2.6.24-29.95
After a standard system update you need to reboot your computer to make
all the necessary changes.
Related notices
- USN-1241-1: linux-image-2.6.31-611-imx51, linux-fsl-imx51
- USN-1243-1: linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-powerpc-smp, linux-image-2.6.35-30-server, linux-image-2.6.35-30-versatile, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-generic-pae
- USN-1253-1: linux-image-2.6.32-35-386, linux-image-2.6.32-35-preempt, linux-image-2.6.32-35-versatile, linux-image-2.6.32-35-sparc64, linux, linux-image-2.6.32-35-powerpc64-smp, linux-image-2.6.32-35-generic-pae, linux-image-2.6.32-35-virtual, linux-image-2.6.32-35-generic, linux-image-2.6.32-35-server, linux-image-2.6.32-35-sparc64-smp, linux-image-2.6.32-35-ia64, linux-image-2.6.32-35-powerpc-smp, linux-image-2.6.32-35-powerpc, linux-image-2.6.32-35-lpia
- USN-1239-1: linux-ec2, linux-image-2.6.32-319-ec2
- USN-1281-1: linux-image-2.6.38-1209-omap4, linux-ti-omap4
- USN-1285-1: linux-image-2.6.38-13-powerpc-smp, linux-image-2.6.38-13-generic-pae, linux-image-2.6.38-13-versatile, linux, linux-image-2.6.38-13-powerpc64-smp, linux-image-2.6.38-13-server, linux-image-2.6.38-13-omap, linux-image-2.6.38-13-virtual, linux-image-2.6.38-13-generic, linux-image-2.6.38-13-powerpc
- USN-1279-1: linux-image-2.6.38-13-generic-pae, linux-image-2.6.38-13-server, linux-lts-backport-natty, linux-image-2.6.38-13-virtual, linux-image-2.6.38-13-generic
- USN-1244-1: linux-image-2.6.35-903-omap4, linux-ti-omap4
- USN-1240-1: linux-image-2.6.32-219-dove, linux-mvl-dove
- USN-1245-1: linux-image-2.6.32-419-dove, linux-mvl-dove
- USN-1242-1: linux-image-2.6.35-30-virtual, linux-lts-backport-maverick, linux-image-2.6.35-30-server, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-generic-pae
- USN-1228-1: linux-image-2.6.38-1209-omap4, linux-ti-omap4
- USN-1246-1: linux-image-2.6.38-12-powerpc, linux-image-2.6.38-12-virtual, linux-image-2.6.38-12-powerpc-smp, linux-image-2.6.38-12-generic-pae, linux, linux-image-2.6.38-12-omap, linux-image-2.6.38-12-generic, linux-image-2.6.38-12-server, linux-image-2.6.38-12-powerpc64-smp, linux-image-2.6.38-12-versatile
- USN-1220-1: linux-image-2.6.35-903-omap4, linux-ti-omap4
- USN-1256-1: linux-image-2.6.38-12-virtual, linux-image-2.6.38-12-generic-pae, linux-image-2.6.38-12-generic, linux-lts-backport-natty, linux-image-2.6.38-12-server
- USN-1294-1: linux-image-3.0.0-13-virtual, linux-image-3.0.0-13-generic, linux-image-3.0.0-13-server, linux-image-3.0.0-13-generic-pae, linux-lts-backport-oneiric
- USN-1275-1: linux-image-3.0.0-13-powerpc, linux-image-3.0.0-13-omap, linux-image-3.0.0-13-powerpc-smp, linux, linux-image-3.0.0-13-virtual, linux-image-3.0.0-13-generic, linux-image-3.0.0-13-server, linux-image-3.0.0-13-generic-pae, linux-image-3.0.0-13-powerpc64-smp
- USN-1260-1: linux-ti-omap4, linux-image-3.0.0-1206-omap4
- USN-1141-1: linux-image-2.6.32-32-powerpc64-smp, linux-image-2.6.32-32-versatile, linux, linux-image-2.6.32-32-sparc64-smp, linux-image-2.6.32-32-virtual, linux-image-2.6.32-32-386, linux-image-2.6.32-32-generic, linux-image-2.6.32-32-ia64, linux-image-2.6.32-32-lpia, linux-image-2.6.32-32-preempt, linux-ec2, linux-image-2.6.32-32-generic-pae, linux-image-2.6.32-32-powerpc, linux-image-2.6.32-316-ec2, linux-image-2.6.32-32-server, linux-image-2.6.32-32-sparc64, linux-image-2.6.32-32-powerpc-smp
- USN-1162-1: linux-image-2.6.32-217-dove, linux-mvl-dove
- USN-1159-1: linux-image-2.6.32-417-dove, linux-mvl-dove