USN-1023-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1023-1

29th November, 2010

linux, linux-{ec2,source-2.6.15} vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 10.10
Ubuntu 10.04 LTS
Ubuntu 9.10
Ubuntu 8.04 LTS
Ubuntu 6.06 LTS

Summary

The Linux kernel could be made to run unauthorized programs with administrator privileges.

Software description

linux - Linux kernel
linux-ec2 - Linux kernel for EC2
linux-source-2.6.15 - The Linux kernel

Details

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)

Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)

Dan Rosenberg discovered that the VIA video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4082)

A flaw was discovered in the Linux kernel's splice system call. A local
user could use this flaw to cause a denial of service (system crash).
(CVE-2013-2128)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:: linux-image-2.6.35-23-powerpc64-smp 2.6.35-23.41; linux-image-2.6.35-23-virtual 2.6.35-23.41; linux-image-2.6.35-23-versatile 2.6.35-23.41; linux-image-2.6.35-23-generic 2.6.35-23.41; linux-image-2.6.35-23-powerpc-smp 2.6.35-23.41; linux-image-2.6.35-23-powerpc 2.6.35-23.41; linux-image-2.6.35-23-omap 2.6.35-23.41; linux-image-2.6.35-23-generic-pae 2.6.35-23.41; linux-image-2.6.35-23-server 2.6.35-23.41
Ubuntu 10.04 LTS:: linux-image-2.6.32-26-generic 2.6.32-26.48; linux-image-2.6.32-26-sparc64-smp 2.6.32-26.48; linux-image-2.6.32-26-preempt 2.6.32-26.48; linux-image-2.6.32-26-powerpc-smp 2.6.32-26.48; linux-image-2.6.32-26-versatile 2.6.32-26.48; linux-image-2.6.32-26-powerpc64-smp 2.6.32-26.48; linux-image-2.6.32-26-virtual 2.6.32-26.48; linux-image-2.6.32-26-generic-pae 2.6.32-26.48; linux-image-2.6.32-26-lpia 2.6.32-26.48; linux-image-2.6.32-26-powerpc 2.6.32-26.48; linux-image-2.6.32-310-ec2 2.6.32-310.21; linux-image-2.6.32-26-sparc64 2.6.32-26.48; linux-image-2.6.32-26-server 2.6.32-26.48; linux-image-2.6.32-26-ia64 2.6.32-26.48; linux-image-2.6.32-26-386 2.6.32-26.48
Ubuntu 9.10:: linux-image-2.6.31-22-server 2.6.31-22.69; linux-image-2.6.31-22-ia64 2.6.31-22.69; linux-image-2.6.31-307-ec2 2.6.31-307.22; linux-image-2.6.31-22-generic-pae 2.6.31-22.69; linux-image-2.6.31-22-386 2.6.31-22.69; linux-image-2.6.31-22-powerpc 2.6.31-22.69; linux-image-2.6.31-22-sparc64 2.6.31-22.69; linux-image-2.6.31-22-sparc64-smp 2.6.31-22.69; linux-image-2.6.31-22-powerpc-smp 2.6.31-22.69; linux-image-2.6.31-22-virtual 2.6.31-22.69; linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.69; linux-image-2.6.31-22-generic 2.6.31-22.69; linux-image-2.6.31-22-lpia 2.6.31-22.69
Ubuntu 8.04 LTS:: linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.81; linux-image-2.6.24-28-hppa32 2.6.24-28.81; linux-image-2.6.24-28-generic 2.6.24-28.81; linux-image-2.6.24-28-powerpc 2.6.24-28.81; linux-image-2.6.24-28-sparc64-smp 2.6.24-28.81; linux-image-2.6.24-28-itanium 2.6.24-28.81; linux-image-2.6.24-28-openvz 2.6.24-28.81; linux-image-2.6.24-28-virtual 2.6.24-28.81; linux-image-2.6.24-28-rt 2.6.24-28.81; linux-image-2.6.24-28-lpia 2.6.24-28.81; linux-image-2.6.24-28-hppa64 2.6.24-28.81; linux-image-2.6.24-28-mckinley 2.6.24-28.81; linux-image-2.6.24-28-server 2.6.24-28.81; linux-image-2.6.24-28-powerpc-smp 2.6.24-28.81; linux-image-2.6.24-28-386 2.6.24-28.81; linux-image-2.6.24-28-lpiacompat 2.6.24-28.81; linux-image-2.6.24-28-sparc64 2.6.24-28.81; linux-image-2.6.24-28-xen 2.6.24-28.81
Ubuntu 6.06 LTS:: linux-image-2.6.15-55-hppa64 2.6.15-55.90; linux-image-2.6.15-55-mckinley 2.6.15-55.90; linux-image-2.6.15-55-powerpc-smp 2.6.15-55.90; linux-image-2.6.15-55-hppa32-smp 2.6.15-55.90; linux-image-2.6.15-55-686 2.6.15-55.90; linux-image-2.6.15-55-amd64-k8 2.6.15-55.90; linux-image-2.6.15-55-amd64-server 2.6.15-55.90; linux-image-2.6.15-55-386 2.6.15-55.90; linux-image-2.6.15-55-sparc64-smp 2.6.15-55.90; linux-image-2.6.15-55-k7 2.6.15-55.90; linux-image-2.6.15-55-sparc64 2.6.15-55.90; linux-image-2.6.15-55-server 2.6.15-55.90; linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.90; linux-image-2.6.15-55-hppa32 2.6.15-55.90; linux-image-2.6.15-55-mckinley-smp 2.6.15-55.90; linux-image-2.6.15-55-server-bigiron 2.6.15-55.90; linux-image-2.6.15-55-itanium-smp 2.6.15-55.90; linux-image-2.6.15-55-amd64-xeon 2.6.15-55.90; linux-image-2.6.15-55-powerpc 2.6.15-55.90; linux-image-2.6.15-55-amd64-generic 2.6.15-55.90; linux-image-2.6.15-55-hppa64-smp 2.6.15-55.90; linux-image-2.6.15-55-itanium 2.6.15-55.90

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2010-2955, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-4082, CVE-2013-2128