LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1074-2: Linux kernel vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. Thisupdate provides the corresponding updates for Ubuntu 10.04. [More...]
===========================================================
Ubuntu Security Notice USN-1074-2         February 28, 2011
linux-fsl-imx51 vulnerabilities
CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2248,
CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524,
CVE-2010-2538, CVE-2010-2798, CVE-2010-2942, CVE-2010-2943,
CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2962,
CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078,
CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3084,
CVE-2010-3296, CVE-2010-3297, CVE-2010-3298, CVE-2010-3301,
CVE-2010-3310, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442,
CVE-2010-3448, CVE-2010-3477, CVE-2010-3698, CVE-2010-3705,
CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3858,
CVE-2010-3861, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073,
CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4165,
CVE-2010-4169, CVE-2010-4249
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.31-608-imx51    2.6.31-608.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This
update provides the corresponding updates for Ubuntu 10.04.

Original advisory details:

 Al Viro discovered a race condition in the TTY driver. A local attacker
 could exploit this to crash the system, leading to a denial of service.
 (CVE-2009-4895)
 
 Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
 check file permissions. A local attacker could overwrite append-only files,
 leading to potential data loss. (CVE-2010-2066)
 
 Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly
 check file permissions. A local attacker could exploit this to read from
 write-only files, leading to a loss of privacy. (CVE-2010-2226)
 
 Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory
 manager did not properly handle when applications grow stacks into adjacent
 memory regions. A local attacker could exploit this to gain control of
 certain applications, potentially leading to privilege escalation, as
 demonstrated in attacks against the X server. (CVE-2010-2240)
 
 Suresh Jayaraman discovered that CIFS did not correctly validate certain
 response packats. A remote attacker could send specially crafted traffic
 that would crash the system, leading to a denial of service.
 (CVE-2010-2248)
 
 Ben Hutchings discovered that the ethtool interface did not correctly check
 certain sizes. A local attacker could perform malicious ioctl calls that
 could crash the system, leading to a denial of service. (CVE-2010-2478,
 CVE-2010-3084)
 
 James Chapman discovered that L2TP did not correctly evaluate checksum
 capabilities. If an attacker could make malicious routing changes, they
 could crash the system, leading to a denial of service. (CVE-2010-2495)
 
 Neil Brown discovered that NFSv4 did not correctly check certain write
 requests. A remote attacker could send specially crafted traffic that could
 crash the system or possibly gain root privileges. (CVE-2010-2521)
 
 David Howells discovered that DNS resolution in CIFS could be spoofed. A
 local attacker could exploit this to control DNS replies, leading to a loss
 of privacy and possible privilege escalation. (CVE-2010-2524)
 
 Dan Rosenberg discovered that the btrfs filesystem did not correctly
 validate permissions when using the clone function. A local attacker could
 overwrite the contents of file handles that were opened for append-only, or
 potentially read arbitrary contents, leading to a loss of privacy. Only
 Ubuntu 9.10 was affected. (CVE-2010-2538)
 
 Bob Peterson discovered that GFS2 rename operations did not correctly
 validate certain sizes. A local attacker could exploit this to crash the
 system, leading to a denial of service. (CVE-2010-2798)
 
 Kees Cook discovered that under certain situations the ioctl subsystem for
 DRM did not properly sanitize its arguments. A local attacker could exploit
 this to read previously freed kernel memory, leading to a loss of privacy.
 (CVE-2010-2803)
 
 Eric Dumazet discovered that many network functions could leak kernel stack
 contents. A local attacker could exploit this to read portions of kernel
 memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)
 
 Dave Chinner discovered that the XFS filesystem did not correctly order
 inode lookups when exported by NFS. A remote attacker could exploit this to
 read or write disk blocks that had changed file assignment or had become
 unlinked, leading to a loss of privacy. (CVE-2010-2943)
 
 Sergey Vlasov discovered that JFS did not correctly handle certain extended
 attributes. A local attacker could bypass namespace access rules, leading
 to a loss of privacy. (CVE-2010-2946)
 
 Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
 down. A local attacker could exploit this to cause the system to crash or
 possibly gain root privileges. (CVE-2010-2954)
 
 Brad Spengler discovered that the wireless extensions did not correctly
 validate certain request sizes. A local attacker could exploit this to read
 portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)
 
 Ben Hawkes discovered an integer overflow in the Controller Area Network
 (CVE-2010-2959)
 
 Kees Cook discovered that the Intel i915 graphics driver did not correctly
 validate memory regions. A local attacker with access to the video card
 could read and write arbitrary kernel memory to gain root privileges.
 Ubuntu 10.10 was not affected. (CVE-2010-2962)
 
 Kees Cook discovered that the V4L1 32bit compat interface did not correctly
 validate certain parameters. A local attacker on a 64bit system with access
 to a video device could exploit this to gain root privileges.
 (CVE-2010-2963)
 
 Toshiyuki Okajima discovered that ext4 did not correctly check certain
 parameters. A local attacker could exploit this to crash the system or
 overwrite the last block of large files. (CVE-2010-3015)
 
 Tavis Ormandy discovered that the AIO subsystem did not correctly validate
 certain parameters. A local attacker could exploit this to crash the system
 or possibly gain root privileges. (CVE-2010-3067)
 
 Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack
 contents. A local attacker could exploit this to read portions of kernel
 memory, leading to a loss of privacy. (CVE-2010-3078)
 
 Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
 local attacker could exploit this to crash the kernel, leading to a denial
 of service. (CVE-2010-3079)
 
 Tavis Ormandy discovered that the OSS sequencer device did not correctly
 shut down. A local attacker could exploit this to crash the system or
 possibly gain root privileges. (CVE-2010-3080)
 
 Ben Hawkes discovered that the Linux kernel did not correctly validate
 memory ranges on 64bit kernels when allocating memory on behalf of 32bit
 system calls. On a 64bit system, a local attacker could perform malicious
 multicast getsockopt calls to gain root privileges. (CVE-2010-3081)
 
 Dan Rosenberg discovered that several network ioctls did not clear kernel
 memory correctly. A local user could exploit this to read kernel stack
 memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297,
 CVE-2010-3298)
 
 Ben Hawkes discovered that the Linux kernel did not correctly filter
 registers on 64bit kernels when performing 32bit system calls. On a 64bit
 system, a local attacker could manipulate 32bit system calls to gain root
 privileges. (CVE-2010-3301)
 
 Dan Rosenberg discovered that the ROSE driver did not correctly check
 parameters. A local attacker with access to a ROSE network device could
 exploit this to crash the system or possibly gain root privileges.
 (CVE-2010-3310)
 
 Thomas Dreibholz discovered that SCTP did not correctly handle appending
 packet chunks. A remote attacker could send specially crafted traffic to
 crash the system, leading to a denial of service. (CVE-2010-3432)
 
 Dan Rosenberg discovered that the CD driver did not correctly check
 parameters. A local attacker could exploit this to read arbitrary kernel
 memory, leading to a loss of privacy. (CVE-2010-3437)
 
 Dan Rosenberg discovered that the Sound subsystem did not correctly
 validate parameters. A local attacker could exploit this to crash the
 system, leading to a denial of service. (CVE-2010-3442)
 
 Dan Jacobson discovered that ThinkPad video output was not correctly access
 controlled. A local attacker could exploit this to hang the system, leading
 to a denial of service. (CVE-2010-3448)
 
 It was discovered that KVM did not correctly initialize certain CPU
 registers. A local attacker could exploit this to crash the system, leading
 to a denial of service. (CVE-2010-3698)
 
 Dan Rosenberg discovered that SCTP did not correctly handle HMAC
 calculations. A remote attacker could send specially crafted traffic that
 would crash the system, leading to a denial of service. (CVE-2010-3705)
 
 Nelson Elhage discovered several problems with the Acorn Econet protocol
 driver. A local user could cause a denial of service via a NULL pointer
 dereference, escalate privileges by overflowing the kernel stack, and
 assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
 CVE-2010-3849, CVE-2010-3850)
 
 Brad Spengler discovered that stack memory for new a process was not
 correctly calculated. A local attacker could exploit this to crash the
 system, leading to a denial of service. (CVE-2010-3858)
 
 Kees Cook discovered that the ethtool interface did not correctly clear
 kernel memory. A local attacker could read kernel heap memory, leading to a
 loss of privacy. (CVE-2010-3861)
 
 Dan Rosenberg discovered that the RDS network protocol did not correctly
 check certain parameters. A local attacker could exploit this gain root
 privileges. (CVE-2010-3904)
 
 Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
 clear kernel memory correctly. A local attacker could exploit this to read
 kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)
 
 Dan Rosenberg discovered that IPC structures were not correctly initialized
 on 64bit systems. A local attacker could exploit this to read kernel stack
 memory, leading to a loss of privacy. (CVE-2010-4073)
 
 Dan Rosenberg discovered that the USB subsystem did not correctly
 initialize certian structures. A local attacker could exploit this to read
 kernel stack memory, leading to a loss of privacy. (CVE-2010-4074)
 
 Dan Rosenberg discovered that the SiS video driver did not correctly clear
 kernel memory. A local attacker could exploit this to read kernel stack
 memory, leading to a loss of privacy. (CVE-2010-4078)
 
 Dan Rosenberg discovered that the ivtv V4L driver did not correctly
 initialize certian structures. A local attacker could exploit this to read
 kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)
 
 Steve Chen discovered that setsockopt did not correctly check MSS values. A
 local attacker could make a specially crafted socket call to crash the
 system, leading to a denial of service. (CVE-2010-4165)
 
 Dave Jones discovered that the mprotect system call did not correctly
 handle merged VMAs. A local attacker could exploit this to crash the
 system, leading to a denial of service. (CVE-2010-4169)
 
 Vegard Nossum discovered that memory garbage collection was not handled
 correctly for active sockets. A local attacker could exploit this to
 allocate all available kernel memory, leading to a denial of service.
 (CVE-2010-4249)


Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-608.22.diff.gz
      Size/MD5:  5419607 706cf2a475317d4d90b1d00dcc307d91
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31-608.22.dsc
      Size/MD5:     2142 50a300a2181dd8bc5911d2a5ecfa5ecc
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-fsl-imx51/linux-fsl-imx51_2.6.31.orig.tar.gz
      Size/MD5: 78278595 16c0355d3612806ef87addf7c9f8c9f9

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/block-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    97042 e2710f0635d8e4dac1c530c28d35c74d
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/crypto-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    63554 655a51657347f8ea9aa70a304ea3027c
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/fat-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:     4506 e2de8ca0607335a7b6ea3614d888a5c0
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/fs-core-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   549104 e175b3263d98623311a54dbea44c79b1
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/fs-secondary-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   138172 96eeb5beda4443885ef36e71d7eb1b7b
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/input-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    49920 3370ca2a9f576ccfd960881308ab1a26
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/irda-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   211190 e53d6f947d367d210cad9cb2e4977851
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/kernel-image-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:  3452834 4da6835c6b2cb80865efac16eef82ef9
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/linux-headers-2.6.31-608-imx51_2.6.31-608.22_armel.deb
      Size/MD5: 10662412 7bef7f93be2a55ddea53b912e1ea89a8
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/linux-image-2.6.31-608-imx51_2.6.31-608.22_armel.deb
      Size/MD5: 14581812 859cdc5d565181ae0ae5ecbc47d54d1b
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/md-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   162252 dcde6ebcc11bb2902c5b7eff79c8a525
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/mouse-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    24560 7d1fd91549950b8fb83c12e37c2031a9
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/nfs-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   293432 4e0e461748f5422ffaf82a2ff94dd7fd
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/nic-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   235466 702891f1bd2d2b554ae42429eedc865f
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/nic-shared-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   184606 c95c2795f78020033df040dcef488262
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/nic-usb-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   114276 30950c6036803696ebdc6dc127b00391
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/parport-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    28206 2113950557647c58c7206c04343ea6e2
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/plip-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:     8230 baa53c8ee320a280b71326cba9b24ba9
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/ppp-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    36158 fabaf847be6aa6d171e1ee69d72c958e
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/sata-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    15604 d5dbbe7373865189facadc77631972b3
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/scsi-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   190128 690d8cb90598dc713ec8f2a8af6a28e4
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/serial-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    93842 17b01bdb419a2c743996c358db7f9b6c
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/storage-core-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:    21374 12a4687c68eee5729580895f9f96839a
    http://ports.ubuntu.com/pool/main/l/linux-fsl-imx51/usb-modules-2.6.31-608-imx51-di_2.6.31-608.22_armel.udeb
      Size/MD5:   115520 e6defcf60e47c050224a16a0ba15f8de


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.