USN-914-1: Linux kernel vulnerabilities

17 March 2010

Linux kernel vulnerabilities

Releases

Packages

  • linux
  • linux-ec2
  • linux-fsl-imx51
  • linux-mvl-dove
  • linux-source-2.6.15

Details

Mathias Krause discovered that the Linux kernel did not correctly handle
missing ELF interpreters. A local attacker could exploit this to cause the
system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization
did not correctly handle reading the /dev/port special device. A local
attacker in a guest operating system could issue a specific read that
would cause the host system to crash, leading to a denial of service.
(CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly
handle netlink connector messages. A local attacker could exploit this
to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly
validate certain memory migration calls. A local attacker could exploit
this to read arbitrary kernel memory or cause a system crash, leading
to a denial of service. (CVE-2010-0415)

Jerome Marchand and Mikael Pettersson discovered that the Linux kernel
did not correctly handle certain futex operations. A local attacker could
exploit this to cause a system crash, leading to a denial of service.
(CVE-2010-0622, CVE-2010-0623)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.