Articles / Ubuntu: New Linux packages ...

Ubuntu: New Linux packages fix security vulnerabilities

Patrick Lenz @scoop 21 Feb 2012 07:53 0

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. A flaw was found in KVM’s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system.

Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1361-1
February 13, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user
who can mount a FUSE file system could cause a denial of service.
(CVE-2011-3353)

A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual
interrupt control is not available a local user could use this to cause a
denial of service by starting a timer. (CVE-2011-4622)

A flaw was discovered in the XFS filesystem. If a local user mounts a
specially crafted XFS image it could potential execute arbitrary code on
the system. (CVE-2012-0038)

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
 linux-image-2.6.35-32-generic   2.6.35-32.65
 linux-image-2.6.35-32-generic-pae  2.6.35-32.65
 linux-image-2.6.35-32-omap      2.6.35-32.65
 linux-image-2.6.35-32-powerpc   2.6.35-32.65
 linux-image-2.6.35-32-powerpc-smp  2.6.35-32.65
 linux-image-2.6.35-32-powerpc64-smp  2.6.35-32.65
 linux-image-2.6.35-32-server    2.6.35-32.65
 linux-image-2.6.35-32-versatile  2.6.35-32.65
 linux-image-2.6.35-32-virtual   2.6.35-32.65

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
 http://www.ubuntu.com/usn/usn-1361-1
 CVE-2011-3353, CVE-2011-4622, CVE-2012-0038, CVE-2012-0044

Package Information:
 https://launchpad.net/ubuntu/+source/linux/2.6.35-32.65

Related projects

Screenshot

Project Spotlight

Java Gearman Service

An application framework that farms work out to machines better suited to do the work.

Screenshot

Project Spotlight

GoogleSitesAnt

An Ant task for manipulating Google Sites pages.