USN-1168-1: Linux kernel vulnerabilities

15 July 2011

Multiple kernel flaws have been fixed.

Releases

Packages

Details

Timo Warns discovered that the LDM disk partition handling code did not
correctly handle certain values. By inserting a specially crafted disk
device, a local attacker could exploit this to gain root privileges.
(CVE-2011-1017)

Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data. A remote attacker with access to an NFSv4 mount
could exploit this to crash the system, leading to a denial of service.
(CVE-2011-1090)

Timo Warns discovered that OSF partition parsing routines did not correctly
clear memory. A local attacker with physical access could plug in a
specially crafted block device to read kernel memory, leading to a loss of
privacy. (CVE-2011-1163)

Dan Rosenberg discovered that MPT devices did not correctly validate
certain values in ioctl calls. If these drivers were loaded, a local
attacker could exploit this to read arbitrary kernel memory, leading to a
loss of privacy. (CVE-2011-1494, CVE-2011-1495)

Tavis Ormandy discovered that the pidmap function did not correctly handle
large requests. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1593)

Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
not correctly validate certain socket structures. If this driver was
loaded, a local attacker could crash the system, leading to a denial of
service. (CVE-2011-1598, CVE-2011-1748)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
values. A local attacker with access to the video subsystem could exploit
this to crash the system, leading to a denial of service, or possibly gain
root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of
certain memory allocations. A local attacker with access to the video
subsystem could exploit this to run the system out of memory, leading to a
denial of service. (CVE-2011-1746)

Dan Rosenberg reported an error in the old ABI compatibility layer of ARM
kernels. A local attacker could exploit this flaw to cause a denial of
service or gain root privileges. (CVE-2011-1759)

Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1770)

Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
(CVE-2011-1776)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had
no prefixpaths. A local attacker with access to a CIFS partition could
exploit this to crash the system, leading to a denial of service.
(CVE-2011-3363)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Related notices

  • USN-1111-1: linux-image-2.6.15-57-hppa32, linux-image-2.6.15-57-k7, linux-image-2.6.15-57-amd64-server, linux-image-2.6.15-57-powerpc64-smp, linux-image-2.6.15-57-powerpc-smp, linux-image-2.6.15-57-hppa64-smp, linux-image-2.6.15-57-686, linux-image-2.6.15-57-itanium-smp, linux-image-2.6.15-57-sparc64-smp, linux-image-2.6.15-57-amd64-k8, linux-image-2.6.15-57-amd64-generic, linux-image-2.6.15-57-386, linux-image-2.6.15-57-amd64-xeon, linux-image-2.6.15-57-server, linux-image-2.6.15-57-hppa64, linux-image-2.6.15-57-mckinley, linux-image-2.6.15-57-itanium, linux-image-2.6.15-57-hppa32-smp, linux-image-2.6.15-57-powerpc, linux-image-2.6.15-57-mckinley-smp, linux-image-2.6.15-57-server-bigiron, linux-source-2.6.15, linux-image-2.6.15-57-sparc64
  • USN-1146-1: linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-server, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-386, linux-image-2.6.24-29-rt, linux, linux-image-2.6.24-29-powerpc
  • USN-1159-1: linux-image-2.6.32-417-dove, linux-mvl-dove
  • USN-1160-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-server, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc-smp
  • USN-1161-1: linux-image-2.6.32-317-ec2, linux-ec2
  • USN-1162-1: linux-image-2.6.32-217-dove, linux-mvl-dove
  • USN-1164-1: linux-image-2.6.31-609-imx51, linux-fsl-imx51
  • USN-1167-1: linux-image-2.6.38-10-server, linux-image-2.6.38-10-virtual, linux-image-2.6.38-10-generic-pae, linux-image-2.6.38-10-powerpc, linux-image-2.6.38-10-versatile, linux, linux-image-2.6.38-10-powerpc-smp, linux-image-2.6.38-10-generic, linux-image-2.6.38-10-powerpc64-smp, linux-image-2.6.38-10-omap
  • USN-1170-1: linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-server, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-386, linux-image-2.6.24-29-rt, linux, linux-image-2.6.24-29-powerpc
  • USN-1183-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-server, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc-smp
  • USN-1186-1: linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-server, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-386, linux-image-2.6.24-29-rt, linux, linux-image-2.6.24-29-powerpc
  • USN-1187-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-server, linux-lts-backport-maverick, linux-image-2.6.35-30-generic
  • USN-1201-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-server, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc-smp
  • USN-1202-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1204-1: linux-fsl-imx51, linux-image-2.6.31-610-imx51
  • USN-1205-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-server, linux-lts-backport-maverick, linux-image-2.6.35-30-generic
  • USN-1212-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1219-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-server, linux-lts-backport-maverick, linux-image-2.6.35-30-generic
  • USN-1220-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1225-1: linux-image-2.6.24-29-hppa64, linux-image-2.6.24-29-openvz, linux-image-2.6.24-29-powerpc64-smp, linux-image-2.6.24-29-sparc64, linux-image-2.6.24-29-lpiacompat, linux-image-2.6.24-29-server, linux-image-2.6.24-29-itanium, linux-image-2.6.24-29-sparc64-smp, linux-image-2.6.24-29-virtual, linux-image-2.6.24-29-powerpc-smp, linux-image-2.6.24-29-lpia, linux-image-2.6.24-29-mckinley, linux-image-2.6.24-29-hppa32, linux-image-2.6.24-29-generic, linux-image-2.6.24-29-xen, linux-image-2.6.24-29-386, linux-image-2.6.24-29-rt, linux, linux-image-2.6.24-29-powerpc
  • USN-1227-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-server, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc-smp
  • USN-1228-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1241-1: linux-fsl-imx51, linux-image-2.6.31-611-imx51
  • USN-1242-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-server, linux-lts-backport-maverick, linux-image-2.6.35-30-generic
  • USN-1243-1: linux-image-2.6.35-30-generic-pae, linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-versatile, linux-image-2.6.35-30-server, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-powerpc, linux, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc-smp
  • USN-1244-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1256-1: linux-image-2.6.38-12-generic, linux-image-2.6.38-12-server, linux-lts-backport-natty, linux-image-2.6.38-12-generic-pae, linux-image-2.6.38-12-virtual
  • USN-1281-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1332-1: linux-image-2.6.35-32-server, linux-lts-backport-maverick, linux-image-2.6.35-32-generic-pae, linux-image-2.6.35-32-generic, linux-image-2.6.35-32-virtual
  • USN-1341-1: linux-image-2.6.35-32-server, linux-image-2.6.35-32-omap, linux-image-2.6.35-32-versatile, linux-image-2.6.35-32-powerpc-smp, linux-image-2.6.35-32-generic-pae, linux, linux-image-2.6.35-32-generic, linux-image-2.6.35-32-virtual, linux-image-2.6.35-32-powerpc, linux-image-2.6.35-32-powerpc64-smp
  • USN-1383-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1394-1: linux-ti-omap4, linux-image-2.6.35-903-omap4