USN-1023-1: Linux kernel vulnerabilities
30 November 2010
linux, linux-{ec2,source-2.6.15} vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary
The Linux kernel could be made to run unauthorized programs with administrator privileges.
Software Description
- linux - Linux kernel
- linux-ec2 - Linux kernel for EC2
- linux-source-2.6.15 - The Linux kernel
Details
Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. (CVE-2010-3848, CVE-2010-3849, CVE-2010-3850)
Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)
Dan Rosenberg discovered that the VIA video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4082)
A flaw was discovered in the Linux kernel’s splice system call. A local user could use this flaw to cause a denial of service (system crash). (CVE-2013-2128)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 10.10
  - linux-image-2.6.35-23-generic - 2.6.35-23.41
  - linux-image-2.6.35-23-generic-pae - 2.6.35-23.41
  - linux-image-2.6.35-23-omap - 2.6.35-23.41
  - linux-image-2.6.35-23-powerpc - 2.6.35-23.41
  - linux-image-2.6.35-23-powerpc-smp - 2.6.35-23.41
  - linux-image-2.6.35-23-powerpc64-smp - 2.6.35-23.41
  - linux-image-2.6.35-23-server - 2.6.35-23.41
  - linux-image-2.6.35-23-versatile - 2.6.35-23.41
  - linux-image-2.6.35-23-virtual - 2.6.35-23.41
- Ubuntu 10.04 LTS
  - linux-image-2.6.32-26-386 - 2.6.32-26.48
  - linux-image-2.6.32-26-generic - 2.6.32-26.48
  - linux-image-2.6.32-26-generic-pae - 2.6.32-26.48
  - linux-image-2.6.32-26-ia64 - 2.6.32-26.48
  - linux-image-2.6.32-26-lpia - 2.6.32-26.48
  - linux-image-2.6.32-26-powerpc - 2.6.32-26.48
  - linux-image-2.6.32-26-powerpc-smp - 2.6.32-26.48
  - linux-image-2.6.32-26-powerpc64-smp - 2.6.32-26.48
  - linux-image-2.6.32-26-preempt - 2.6.32-26.48
  - linux-image-2.6.32-26-server - 2.6.32-26.48
  - linux-image-2.6.32-26-sparc64 - 2.6.32-26.48
  - linux-image-2.6.32-26-sparc64-smp - 2.6.32-26.48
  - linux-image-2.6.32-26-versatile - 2.6.32-26.48
  - linux-image-2.6.32-26-virtual - 2.6.32-26.48
  - linux-image-2.6.32-310-ec2 - 2.6.32-310.21
- Ubuntu 9.10
  - linux-image-2.6.31-22-386 - 2.6.31-22.69
  - linux-image-2.6.31-22-generic - 2.6.31-22.69
  - linux-image-2.6.31-22-generic-pae - 2.6.31-22.69
  - linux-image-2.6.31-22-ia64 - 2.6.31-22.69
  - linux-image-2.6.31-22-lpia - 2.6.31-22.69
  - linux-image-2.6.31-22-powerpc - 2.6.31-22.69
  - linux-image-2.6.31-22-powerpc-smp - 2.6.31-22.69
  - linux-image-2.6.31-22-powerpc64-smp - 2.6.31-22.69
  - linux-image-2.6.31-22-server - 2.6.31-22.69
  - linux-image-2.6.31-22-sparc64 - 2.6.31-22.69
  - linux-image-2.6.31-22-sparc64-smp - 2.6.31-22.69
  - linux-image-2.6.31-22-virtual - 2.6.31-22.69
  - linux-image-2.6.31-307-ec2 - 2.6.31-307.22
- Ubuntu 8.04 LTS
  - linux-image-2.6.24-28-386 - 2.6.24-28.81
  - linux-image-2.6.24-28-generic - 2.6.24-28.81
  - linux-image-2.6.24-28-hppa32 - 2.6.24-28.81
  - linux-image-2.6.24-28-hppa64 - 2.6.24-28.81
  - linux-image-2.6.24-28-itanium - 2.6.24-28.81
  - linux-image-2.6.24-28-lpia - 2.6.24-28.81
  - linux-image-2.6.24-28-lpiacompat - 2.6.24-28.81
  - linux-image-2.6.24-28-mckinley - 2.6.24-28.81
  - linux-image-2.6.24-28-openvz - 2.6.24-28.81
  - linux-image-2.6.24-28-powerpc - 2.6.24-28.81
  - linux-image-2.6.24-28-powerpc-smp - 2.6.24-28.81
  - linux-image-2.6.24-28-powerpc64-smp - 2.6.24-28.81
  - linux-image-2.6.24-28-rt - 2.6.24-28.81
  - linux-image-2.6.24-28-server - 2.6.24-28.81
  - linux-image-2.6.24-28-sparc64 - 2.6.24-28.81
  - linux-image-2.6.24-28-sparc64-smp - 2.6.24-28.81
  - linux-image-2.6.24-28-virtual - 2.6.24-28.81
  - linux-image-2.6.24-28-xen - 2.6.24-28.81
- Ubuntu 6.06 LTS
  - linux-image-2.6.15-55-386 - 2.6.15-55.90
  - linux-image-2.6.15-55-686 - 2.6.15-55.90
  - linux-image-2.6.15-55-amd64-generic - 2.6.15-55.90
  - linux-image-2.6.15-55-amd64-k8 - 2.6.15-55.90
  - linux-image-2.6.15-55-amd64-server - 2.6.15-55.90
  - linux-image-2.6.15-55-amd64-xeon - 2.6.15-55.90
  - linux-image-2.6.15-55-hppa32 - 2.6.15-55.90
  - linux-image-2.6.15-55-hppa32-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-hppa64 - 2.6.15-55.90
  - linux-image-2.6.15-55-hppa64-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-itanium - 2.6.15-55.90
  - linux-image-2.6.15-55-itanium-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-k7 - 2.6.15-55.90
  - linux-image-2.6.15-55-mckinley - 2.6.15-55.90
  - linux-image-2.6.15-55-mckinley-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-powerpc - 2.6.15-55.90
  - linux-image-2.6.15-55-powerpc-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-powerpc64-smp - 2.6.15-55.90
  - linux-image-2.6.15-55-server - 2.6.15-55.90
  - linux-image-2.6.15-55-server-bigiron - 2.6.15-55.90
  - linux-image-2.6.15-55-sparc64 - 2.6.15-55.90
  - linux-image-2.6.15-55-sparc64-smp - 2.6.15-55.90
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make all the necessary changes.
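
Installing the fixed package does not replace the kernel that is already running, which is why the reboot matters. The following check is an added example, not part of the original notice: it compares the running kernel against the fixed versions listed above and separates "update still needed" from "updated but not rebooted". It assumes the host exposes /proc/version_signature in Ubuntu's usual format and that the caller supplies the installed linux-image packages (for instance from dpkg-query); the function names, status strings and sample data are constructed for illustration.

```python
import re

# Fixed versions from this notice, keyed by (upstream version, is EC2 flavour).
FIXED = {
    ("2.6.35", False): "2.6.35-23.41",   # Ubuntu 10.10
    ("2.6.32", False): "2.6.32-26.48",   # Ubuntu 10.04 LTS
    ("2.6.32", True): "2.6.32-310.21",   # Ubuntu 10.04 LTS, linux-ec2
    ("2.6.31", False): "2.6.31-22.69",   # Ubuntu 9.10
    ("2.6.31", True): "2.6.31-307.22",   # Ubuntu 9.10, linux-ec2
    ("2.6.24", False): "2.6.24-28.81",   # Ubuntu 8.04 LTS
    ("2.6.15", False): "2.6.15-55.90",   # Ubuntu 6.06 LTS
}

def vkey(version):
    """Numeric fields only: enough for these versions, not full dpkg ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse_signature(sig):
    """Split e.g. 'Ubuntu 2.6.35-22.35-generic 2.6.35.4' into its parts."""
    m = re.match(r"Ubuntu (\d+\.\d+\.\d+)-(\d+\.\d+)-(\S+)", sig)
    if not m:
        raise ValueError("unrecognised version signature: %r" % sig)
    upstream, abi_upload, flavour = m.groups()
    return upstream, upstream + "-" + abi_upload, flavour

def kernel_status(sig, installed):
    """installed maps linux-image package names to installed versions."""
    upstream, running, flavour = parse_signature(sig)
    fixed = FIXED.get((upstream, flavour == "ec2"))
    if fixed is None:
        return "not-covered"
    if vkey(running) >= vkey(fixed):
        return "patched"
    same_series = [v for name, v in installed.items()
                   if name.endswith("-" + flavour) and v.startswith(upstream + "-")]
    if any(vkey(v) >= vkey(fixed) for v in same_series):
        return "reboot-required"   # fixed image on disk, old kernel still running
    return "update-required"

# Constructed sample: a 10.10 host that was updated but not yet rebooted.
SAMPLE_SIG = "Ubuntu 2.6.35-22.35-generic 2.6.35.4"
SAMPLE_INSTALLED = {
    "linux-image-2.6.35-22-generic": "2.6.35-22.35",
    "linux-image-2.6.35-23-generic": "2.6.35-23.41",
}

if __name__ == "__main__":
    print(kernel_status(SAMPLE_SIG, SAMPLE_INSTALLED))
```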