Articles / Ubuntu: New Linux kernel pa...

Ubuntu: New Linux kernel packages fix security vulnerabilities

Patrick Lenz @scoop 28 Jan 2012 12:20 0

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.

Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1345-1
January 24, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
 linux-image-2.6.38-13-generic   2.6.38-13.54
 linux-image-2.6.38-13-generic-pae  2.6.38-13.54
 linux-image-2.6.38-13-omap      2.6.38-13.54
 linux-image-2.6.38-13-powerpc   2.6.38-13.54
 linux-image-2.6.38-13-powerpc-smp  2.6.38-13.54
 linux-image-2.6.38-13-powerpc64-smp  2.6.38-13.54
 linux-image-2.6.38-13-server    2.6.38-13.54
 linux-image-2.6.38-13-versatile  2.6.38-13.54
 linux-image-2.6.38-13-virtual   2.6.38-13.54

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1345-1
 CVE-2011-1162, CVE-2011-2203, CVE-2011-4110

Package Information:
 https://launchpad.net/ubuntu/+source/linux/2.6.38-13.54

Related projects

Screenshot

Project Spotlight

Java Gearman Service

An application framework that farms work out to machines better suited to do the work.

Screenshot

Project Spotlight

GoogleSitesAnt

An Ant task for manipulating Google Sites pages.