USN-1023-1: Linux kernel vulnerabilities

30 November 2010

The Linux kernel could be made to run unauthorized programs with administrator privileges.

Releases

Packages

Details

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)

Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)

Dan Rosenberg discovered that the VIA video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4082)

A flaw was discovered in the Linux kernel's splice system call. A local
user could use this flaw to cause a denial of service (system crash).
(CVE-2013-2128)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

Related notices

  • USN-1119-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1074-2: linux-image-2.6.31-608-imx51, linux-fsl-imx51
  • USN-1073-1: linux-image-2.6.31-22-powerpc, linux-image-2.6.31-22-powerpc64-smp, linux-image-2.6.31-307-ec2, linux-image-2.6.31-22-lpia, linux-image-2.6.31-22-sparc64-smp, linux-image-2.6.31-22-virtual, linux-image-2.6.31-22-386, linux-image-2.6.31-22-ia64, linux-image-2.6.31-22-sparc64, linux-image-2.6.31-22-powerpc-smp, linux-ec2, linux, linux-image-2.6.31-22-server, linux-image-2.6.31-22-generic, linux-image-2.6.31-22-generic-pae
  • USN-1074-1: linux-image-2.6.31-112-imx51, linux-fsl-imx51
  • USN-1083-1: linux-lts-backport-maverick, linux-image-2.6.35-25-generic-pae, linux-image-2.6.35-25-server, linux-image-2.6.35-25-generic, linux-image-2.6.35-25-virtual
  • USN-1093-1: linux-mvl-dove, linux-image-2.6.32-416-dove, linux-image-2.6.32-216-dove
  • USN-1202-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1164-1: linux-fsl-imx51, linux-image-2.6.31-609-imx51