Ubuntu Security Notice - linux vulnerabilities (USN-1756-1)
Ubuntu Security Notice USN-1756-1
March 06, 2013

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10


Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel


A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.

A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)

A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.

A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host system. (CVE-2013-0311)

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak from
the kernel. (CVE-2013-0349)

A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unprivileged user can exploit the flaw to gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  linux-image-3.0.0-32-generic    3.0.0-32.50
  linux-image-3.0.0-32-generic-pae  3.0.0-32.50
  linux-image-3.0.0-32-omap       3.0.0-32.50
  linux-image-3.0.0-32-powerpc    3.0.0-32.50
  linux-image-3.0.0-32-powerpc-smp  3.0.0-32.50
  linux-image-3.0.0-32-powerpc64-smp  3.0.0-32.50
  linux-image-3.0.0-32-server     3.0.0-32.50
  linux-image-3.0.0-32-virtual    3.0.0-32.50

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

  CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268,
  CVE-2013-0311, CVE-2013-0349, CVE-2013-1773

Package Information:


Analytics services are tracking users via Chrome extensions

It's quite possible that, despite your belief that the Google Chrome is the safest browser there is and your use of extensions that prevent tracking, your online movements are still being tracked.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Nov 24th