Ubuntu 10.04 LTS : linux regression (USN-947-2)

Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for
CVE-2010-0419 caused failures when using KVM in certain situations.
This update reverts that fix until a better solution can be found.

We apologize for the inconvenience.

It was discovered that the Linux kernel did not correctly handle
memory protection of the Virtual Dynamic Shared Object page when
running a 32-bit application on a 64-bit kernel. A local attacker
could exploit this to cause a denial of service. (Only affected Ubuntu
6.06 LTS.) (CVE-2009-4271)

It was discovered that the r8169 network driver did not
correctly check the size of Ethernet frames. A remote
attacker could send specially crafted traffic to crash the
system, leading to a denial of service. (CVE-2009-4537)

Wei Yongjun discovered that SCTP did not correctly validate
certain chunks. A remote attacker could send specially
crafted traffic to monopolize CPU resources, leading to a
denial of service. (Only affected Ubuntu 6.06 LTS.)
(CVE-2010-0008)

It was discovered that KVM did not correctly limit certain
privileged IO accesses on x86. Processes in the guest OS
with access to IO regions could gain further privileges
within the guest OS. (Did not affect Ubuntu 6.06 LTS.)
(CVE-2010-0298, CVE-2010-0306, CVE-2010-0419)

Evgeniy Polyakov discovered that IPv6 did not correctly
handle certain TUN packets. A remote attacker could exploit
this to crash the system, leading to a denial of service.
(Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437)

Sachin Prabhu discovered that GFS2 did not correctly handle
certain locks. A local attacker with write access to a GFS2
filesystem could exploit this to crash the system, leading
to a denial of service. (CVE-2010-0727)

Jamie Strandboge discovered that network virtio in KVM did
not correctly handle certain high-traffic conditions. A
remote attacker could exploit this by sending specially
crafted traffic to a guest OS, causing the guest to crash,
leading to a denial of service. (Only affected Ubuntu 8.04
LTS.) (CVE-2010-0741)

Marcus Meissner discovered that the USB subsystem did not
correctly handle certain error conditions. A local attacker
with access to a USB device could exploit this to read
recently used kernel memory, leading to a loss of privacy
and potentially root privilege escalation. (CVE-2010-1083)

Neil Brown discovered that the Bluetooth subsystem did not
correctly handle large amounts of traffic. A physically
proximate remote attacker could exploit this by sending
specially crafted traffic that would consume all available
system memory, leading to a denial of service. (Ubuntu 6.06
LTS and 10.04 LTS were not affected.) (CVE-2010-1084)

Jody Bruchon discovered that the sound driver for the
AMD780V did not correctly handle certain conditions. A local
attacker with access to this hardware could exploit the flaw
to cause a system crash, leading to a denial of service.
(CVE-2010-1085)

Ang Way Chuang discovered that the DVB driver did not
correctly handle certain MPEG2-TS frames. An attacker could
exploit this by delivering specially crafted frames to
monopolize CPU resources, leading to a denial of service.
(Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086)

Trond Myklebust discovered that NFS did not correctly handle
truncation under certain conditions. A local attacker with
write access to an NFS share could exploit this to crash the
system, leading to a denial of service. (Ubuntu 10.04 LTS
was not affected.) (CVE-2010-1087)

Al Viro discovered that automount of NFS did not correctly
handle symlinks under certain conditions. A local attacker
could exploit this to crash the system, leading to a denial
of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not
affected.) (CVE-2010-1088)

Matt McCutchen discovered that ReiserFS did not correctly
protect xattr files in the .reiserfs_priv directory. A local
attacker could exploit this to gain root privileges or crash
the system, leading to a denial of service. (CVE-2010-1146)

Eugene Teo discovered that CIFS did not correctly validate
arguments when creating new files. A local attacker could
exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges if mmap_min_addr
was not set. (CVE-2010-1148)

Catalin Marinas and Tetsuo Handa discovered that the TTY
layer did not correctly release process IDs. A local
attacker could exploit this to consume kernel resources,
leading to a denial of service. (CVE-2010-1162)

Neil Horman discovered that TIPC did not correctly check its
internal state. A local attacker could send specially
crafted packets via AF_TIPC that would cause the system to
crash, leading to a denial of service. (Ubuntu 6.06 LTS was
not affected.) (CVE-2010-1187)

Masayuki Nakagawa discovered that IPv6 did not correctly
handle certain settings when listening. If a socket were
listening with the IPV6_RECVPKTINFO flag, a remote attacker
could send specially crafted traffic that would cause the
system to crash, leading to a denial of service. (Only
Ubuntu 6.06 LTS was affected.) (CVE-2010-1188)

Oleg Nesterov discovered that the Out-Of-Memory handler did
not correctly handle certain arrangements of processes. A
local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2010-1488)

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)