Tuesday, December 3, 2013

USN-2036-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-2036-1


3rd December, 2013


linux vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 10.04 LTS


Summary


Several security issues were fixed in the kernel.


Software description



  • linux - Linux kernel


Details


A flaw was discovered in the Linux kernel's KVM (kernel virtual machine).

An administrative user in the guest OS could leverage this flaw to cause a

denial of service in the host OS. (CVE-2012-2121)


Multiple integer overflow flaws where discovered in the Alchemy LCD frame-

buffer drivers in the Linux kernel. An unprivileged local user could

exploit this flaw to gain administrative privileges. (CVE-2013-4511)


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 10.04 LTS:

linux-image-2.6.32-54-preempt 2.6.32-54.116

linux-image-2.6.32-54-powerpc-smp 2.6.32-54.116

linux-image-2.6.32-54-ia64 2.6.32-54.116

linux-image-2.6.32-54-generic-pae 2.6.32-54.116

linux-image-2.6.32-54-generic 2.6.32-54.116

linux-image-2.6.32-54-virtual 2.6.32-54.116

linux-image-2.6.32-54-lpia 2.6.32-54.116

linux-image-2.6.32-54-386 2.6.32-54.116

linux-image-2.6.32-54-sparc64-smp 2.6.32-54.116

linux-image-2.6.32-54-sparc64 2.6.32-54.116

linux-image-2.6.32-54-powerpc 2.6.32-54.116

linux-image-2.6.32-54-powerpc64-smp 2.6.32-54.116

linux-image-2.6.32-54-server 2.6.32-54.116

linux-image-2.6.32-54-versatile 2.6.32-54.116


To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make

all the necessary changes.


ATTENTION: Due to an unavoidable ABI change the kernel updates have

been given a new version number, which requires you to recompile and

reinstall all third party kernel modules you might have installed. If

you use linux-restricted-modules, you have to update that package as

well to get modules which work with the new kernel version. Unless you

manually uninstalled the standard kernel metapackages (e.g. linux-generic,

linux-server, linux-powerpc), a standard system upgrade will automatically

perform this as well.


References


CVE-2012-2121, CVE-2013-4511






via Ubuntu Security Notices http://www.ubuntu.com/usn/usn-2036-1/
Posted by at
Labels: ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)