1. Ubuntu Security Notices
  2. USN-1189-1

USN-1189-1: Linux kernel vulnerabilities

Publication date

19 August 2011

Overview

Multiple kernel flaws were fixed.

Releases

Packages

Details

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)

Vasiliy...

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1080)

Johan Hovold discovered that the DCCP network stack did not correctly
handle certain packet combinations. A remote attacker could send specially
crafted network traffic that would crash the system, leading to a denial of
service. (CVE-2011-1093)

Peter Huewe discovered that the TPM device did not correctly initialize
memory. A local attacker could exploit this to read kernel heap memory
contents, leading to a loss of privacy. (CVE-2011-1160)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes. If a system was using IRDA, a remote attacker could
send specially crafted traffic to crash the system or gain root privileges.
(CVE-2011-1180)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by
amateur radio. A local user or a remote user on an X.25 network could
exploit these flaws to execute arbitrary code as root. (CVE-2011-4913)

Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer.
A local user or a remote user on an X.25 network could exploit these flaws
to execute arbitrary code as root. (CVE-2011-4914)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
8.04 hardy linux-image-2.6.24-29-sparc64 –  2.6.24-29.93
linux-image-2.6.24-29-rt –  2.6.24-29.93
linux-image-2.6.24-29-386 –  2.6.24-29.93
linux-image-2.6.24-29-itanium –  2.6.24-29.93
linux-image-2.6.24-29-hppa32 –  2.6.24-29.93
linux-image-2.6.24-29-openvz –  2.6.24-29.93
linux-image-2.6.24-29-generic –  2.6.24-29.93
linux-image-2.6.24-29-xen –  2.6.24-29.93
linux-image-2.6.24-29-powerpc –  2.6.24-29.93
linux-image-2.6.24-29-powerpc-smp –  2.6.24-29.93
linux-image-2.6.24-29-hppa64 –  2.6.24-29.93
linux-image-2.6.24-29-server –  2.6.24-29.93
linux-image-2.6.24-29-powerpc64-smp –  2.6.24-29.93
linux-image-2.6.24-29-lpia –  2.6.24-29.93
linux-image-2.6.24-29-virtual –  2.6.24-29.93
linux-image-2.6.24-29-mckinley –  2.6.24-29.93
linux-image-2.6.24-29-sparc64-smp –  2.6.24-29.93
linux-image-2.6.24-29-lpiacompat –  2.6.24-29.93

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›