USN-1236-1: Linux kernel vulnerabilities

20 October 2011

Multiple kernel flaws have been fixed.

Details

It was discovered that the Auerswald USB driver incorrectly handled the
lengths of USB string descriptors. A local attacker with physical access
could insert a specially crafted USB device and gain root privileges.
(CVE-2009-4067)

It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)
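
Because the SCTP issue above depends on net.sctp.addip_enable being turned on, a host can be triaged by checking that setting both at runtime and in the boot-time sysctl files. The shell functions below are an added example, not part of the advisory; the function names, the ROOT parameter and the assumption that /etc/sysctl.conf is applied after /etc/sysctl.d/*.conf are ours.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the precondition for
# CVE-2011-1573, net.sctp.addip_enable = 1, holds on a host.
# ROOT is a parameter so the check can run against a constructed tree;
# pass "/" on a live system.

# Runtime value. Prints: absent (sctp module not loaded, so the sysctl does
# not exist), disabled, enabled, or unknown.
sctp_addip_runtime() {
    f="${1%/}/proc/sys/net/sctp/addip_enable"
    [ -r "$f" ] || { echo absent; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Boot-time value: the last assignment found in the sysctl config files.
# Assumption: /etc/sysctl.conf is applied after /etc/sysctl.d/*.conf.
# Prints the configured value, or "unset" if no file assigns it.
sctp_addip_persistent() {
    root="${1%/}"
    val=unset
    for f in "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf"; do
        [ -r "$f" ] || continue
        # Commented lines do not match; "." and "/" separators are accepted.
        v=$(sed -n -e 's/^[[:space:]]*net[./]sctp[./]addip_enable[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# Prints both findings; exit status 0 means the setting is on now or will be
# turned on at boot, so the host needs the fixed kernel before SCTP is exposed.
sctp_addip_on() {
    rt=$(sctp_addip_runtime "$1")
    ps=$(sctp_addip_persistent "$1")
    echo "runtime=$rt persistent=$ps"
    [ "$rt" = enabled ] || [ "$ps" = 1 ]
}
```

On a live host, source the file and run `sctp_addip_on /`; a result of `runtime=absent persistent=unset` means SCTP is not loaded and nothing enables the option at boot.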

Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could possibly use this flaw to predict
sequence numbers and inject packets. (CVE-2011-3188)

Related notices

  • USN-1243-1: linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-powerpc-smp, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-powerpc, linux-image-2.6.35-30-server, linux-image-2.6.35-30-omap, linux-image-2.6.35-30-generic-pae, linux, linux-image-2.6.35-30-powerpc64-smp, linux-image-2.6.35-30-versatile
  • USN-1241-1: linux-fsl-imx51, linux-image-2.6.31-611-imx51
  • USN-1275-1: linux-image-3.0.0-13-omap, linux-image-3.0.0-13-powerpc64-smp, linux-image-3.0.0-13-virtual, linux-image-3.0.0-13-powerpc, linux-image-3.0.0-13-server, linux, linux-image-3.0.0-13-generic, linux-image-3.0.0-13-powerpc-smp, linux-image-3.0.0-13-generic-pae
  • USN-1246-1: linux-image-2.6.38-12-virtual, linux-image-2.6.38-12-generic, linux-image-2.6.38-12-server, linux-image-2.6.38-12-versatile, linux-image-2.6.38-12-powerpc64-smp, linux-image-2.6.38-12-omap, linux-image-2.6.38-12-powerpc, linux-image-2.6.38-12-generic-pae, linux-image-2.6.38-12-powerpc-smp, linux
  • USN-1244-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1240-1: linux-mvl-dove, linux-image-2.6.32-219-dove
  • USN-1245-1: linux-image-2.6.32-419-dove, linux-mvl-dove
  • USN-1228-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1220-1: linux-ti-omap4, linux-image-2.6.35-903-omap4
  • USN-1285-1: linux-image-2.6.38-13-generic-pae, linux-image-2.6.38-13-server, linux-image-2.6.38-13-powerpc-smp, linux-image-2.6.38-13-powerpc64-smp, linux-image-2.6.38-13-versatile, linux-image-2.6.38-13-generic, linux-image-2.6.38-13-virtual, linux, linux-image-2.6.38-13-powerpc, linux-image-2.6.38-13-omap
  • USN-1141-1: linux-image-2.6.32-32-386, linux-image-2.6.32-32-versatile, linux-image-2.6.32-32-lpia, linux-image-2.6.32-316-ec2, linux-image-2.6.32-32-generic-pae, linux-image-2.6.32-32-preempt, linux-image-2.6.32-32-powerpc-smp, linux-image-2.6.32-32-sparc64-smp, linux-image-2.6.32-32-generic, linux-image-2.6.32-32-ia64, linux-ec2, linux-image-2.6.32-32-powerpc64-smp, linux-image-2.6.32-32-server, linux-image-2.6.32-32-virtual, linux-image-2.6.32-32-powerpc, linux, linux-image-2.6.32-32-sparc64
  • USN-1159-1: linux-image-2.6.32-417-dove, linux-mvl-dove
  • USN-1242-1: linux-image-2.6.35-30-virtual, linux-image-2.6.35-30-generic, linux-image-2.6.35-30-server, linux-lts-backport-maverick, linux-image-2.6.35-30-generic-pae
  • USN-1260-1: linux-ti-omap4, linux-image-3.0.0-1206-omap4
  • USN-1253-1: linux-image-2.6.32-35-powerpc-smp, linux-image-2.6.32-35-sparc64, linux-image-2.6.32-35-generic-pae, linux-image-2.6.32-35-ia64, linux-image-2.6.32-35-sparc64-smp, linux-image-2.6.32-35-virtual, linux-image-2.6.32-35-versatile, linux-image-2.6.32-35-preempt, linux-image-2.6.32-35-386, linux-image-2.6.32-35-powerpc64-smp, linux-image-2.6.32-35-lpia, linux, linux-image-2.6.32-35-server, linux-image-2.6.32-35-generic, linux-image-2.6.32-35-powerpc
  • USN-1256-1: linux-image-2.6.38-12-virtual, linux-image-2.6.38-12-generic, linux-image-2.6.38-12-server, linux-lts-backport-natty, linux-image-2.6.38-12-generic-pae
  • USN-1281-1: linux-ti-omap4, linux-image-2.6.38-1209-omap4
  • USN-1294-1: linux-image-3.0.0-13-virtual, linux-image-3.0.0-13-server, linux-image-3.0.0-13-generic, linux-image-3.0.0-13-generic-pae, linux-lts-backport-oneiric
  • USN-1162-1: linux-mvl-dove, linux-image-2.6.32-217-dove
  • USN-1239-1: linux-ec2, linux-image-2.6.32-319-ec2
  • USN-1279-1: linux-image-2.6.38-13-generic-pae, linux-lts-backport-natty, linux-image-2.6.38-13-generic, linux-image-2.6.38-13-virtual, linux-image-2.6.38-13-server