Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1808-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Mathias Krause discovered an information leak in the Linux kernel's
getsockname implementation for Logical Link Layer (llc) sockets. A
local user could exploit this flaw to examine some of the kernel's
stack memory. (CVE-2012-6542)

Mathias Krause discovered information leaks in the Linux kernel's
Bluetooth Logical Link Control and Adaptation Protocol (L2CAP)
implementation. A local user could exploit these flaws to examine some
of the kernel's stack memory. (CVE-2012-6544)

Mathias Krause discovered information leaks in the Linux kernel's
Bluetooth RFCOMM protocol implementation. A local user could exploit
these flaws to examine parts of kernel memory. (CVE-2012-6545)

Mathias Krause discovered information leaks in the Linux kernel's
Asynchronous Transfer Mode (ATM) networking stack. A local user could
exploit these flaws to examine some parts of kernel memory.
(CVE-2012-6546)

Mathias Krause discovered an information leak in the Linux kernel's
UDF file system implementation. A local user could exploit this flaw
to examine some of the kernel's heap memory. (CVE-2012-6548)

Andrew Jones discovered a flaw with the xen_iret function in Linux
kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an
unprivileged guest OS user could exploit this flaw to cause a denial
of service (crash the system) or gain guest OS privilege.
(CVE-2013-0228)

An information leak was discovered in the Linux kernel's Bluetooth
stack when HIDP (Human Interface Device Protocol) support is enabled.
A local unprivileged user could exploit this flaw to cause an
information leak from the kernel. (CVE-2013-0349)

A flaw was discovered in the Edgeort USB serial converter driver when
the device is disconnected while it is in use. A local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2013-1774)

Andrew Honig discovered a flaw in guest OS time updates in the Linux
kernel's KVM (Kernel-based Virtual Machine). A privileged guest user
could exploit this flaw to cause a denial of service (crash host
system) or potential escalate privilege to the host kernel level.
(CVE-2013-1796).

Solution :

Update the affected linux-image-2.6.32-351-ec2 package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false