Risks
Advisories
Browse
or
or
Ubuntu Security Notice - linux vulnerabilities (USN-1878-1)
==========================================================================
Ubuntu Security Notice USN-1878-1
June 14, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

An information leak was discovered in the Linux kernel when inotify is used
to monitor the /dev/ptmx device. A local user could exploit this flaw to
discover keystroke timing and potentially discover sensitive information
like password length. (CVE-2013-0160)

An information leak was discovered in the Linux kernel's llc (Logical Link
Layer 2) support. A local user could exploit this flaw to examine
potentially sensitive information from the kernel's stack memory.
(CVE-2013-3231)

An information leak was discovered in the Linux kernel's receive message
handling for the netrom address family. A local user could exploit this
flaw to obtain sensitive information from the kernel's stack memory.
(CVE-2013-3232)

An information leak was discovered in the Linux kernel's Rose X.25 protocol
layer. A local user could exploit this flaw to examine potentially
sensitive information from the kernel's stack memory. (CVE-2013-3234)

An information leak was discovered in the Linux kernel's TIPC (Transparent
Inter Process Communication) protocol implementation. A local user could
exploit this flaw to examine potentially sensitive information from the
kernel's stack memory. (CVE-2013-3235)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  linux-image-3.2.0-48-generic    3.2.0-48.74
  linux-image-3.2.0-48-generic-pae  3.2.0-48.74
  linux-image-3.2.0-48-highbank   3.2.0-48.74
  linux-image-3.2.0-48-omap       3.2.0-48.74
  linux-image-3.2.0-48-powerpc-smp  3.2.0-48.74
  linux-image-3.2.0-48-powerpc64-smp  3.2.0-48.74
  linux-image-3.2.0-48-virtual    3.2.0-48.74

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1878-1
  CVE-2013-0160, CVE-2013-2146, CVE-2013-3076, CVE-2013-3222,
  CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227,
  CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3232,
  CVE-2013-3234, CVE-2013-3235

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.2.0-48.74




Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //