Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1573-1)

Ubuntu Security Notice (C) 2012-2016 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Ben Hutchings reported a flaw in the Linux kernel with some network
drivers that support TSO (TCP segment offload). A local or peer user
could exploit this flaw to to cause a denial of service.
(CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could
potentially use this flaw to read privileged information from the
kernel. (CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's
memory subsystem. An unprivileged local use could exploit the flaw to
cause a denial of service (crash the system). (CVE-2012-3511).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-2.6.32-348-ec2 package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 62200 ()

Bugtraq ID:

CVE ID: CVE-2012-3412
CVE-2012-3430
CVE-2012-3511