Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1812-1)

Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Mathias Krause discovered an information leak in the Linux kernel's
UDF file system implementation. A local user could exploit this flaw
to examine some of the kernel's heap memory. (CVE-2012-6548)

Mathias Krause discovered an information leak in the Linux kernel's
ISO 9660 CDROM file system driver. A local user could exploit this
flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

An integer overflow was discovered in the Direct Rendering Manager
(DRM) subsystem for the i915 video driver in the Linux kernel. A local
user could exploit this flaw to cause a denial of service (crash) or
potentially escalate privileges. (CVE-2013-0913)

Andrew Honig discovered a flaw in guest OS time updates in the Linux
kernel's KVM (Kernel-based Virtual Machine). A privileged guest user
could exploit this flaw to cause a denial of service (crash host
system) or potentially escalate privilege to the host kernel level.
(CVE-2013-1796)

Andrew Honig discovered a use after free error in guest OS time
updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A
privileged guest user could exploit this flaw to escalate privilege to
the host kernel level. (CVE-2013-1797)

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual
Machine) emulated the IOAPIC. A privileged guest user could exploit
this flaw to read host memory or cause a denial of service (crash the
host). (CVE-2013-1798)

A format-string bug was discovered in the Linux kernel's ext3
filesystem driver. A local user could exploit this flaw to possibly
escalate privileges on the system. (CVE-2013-1848)

A buffer overflow was discovered in the Linux Kernel's USB subsystem
for devices reporting the cdc-wdm class. A specially crafted USB
device when plugged-in could cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2013-1860)

An information leak in the Linux kernel's dcb netlink interface was
discovered. A local user could obtain sensitive information by
examining kernel stack memory. (CVE-2013-2634)

A kernel stack information leak was discovered in the RTNETLINK
component of the Linux kernel. A local user could read sensitive
information from the kernel stack. (CVE-2013-2635).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-3.5.0-28-generic package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)